Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Analysis ID:756014
MD5:b5678475c3c15fdafff2c5c8b49d5dc1
SHA1:7407554011988292b3e3522e19edb5532f21ee4e
SHA256:755c44b90198282d2494321b4cb18cab7e4426efd1b7f4a20f2a0793d68a2a1f
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Sigma detected: Scheduled temp file as task from temp location
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe (PID: 5592 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe MD5: B5678475C3C15FDAFFF2C5C8B49D5DC1)
    • powershell.exe (PID: 3236 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 2680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6000 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 4272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 3728 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 2072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • bVgCuQEDo.exe (PID: 1500 cmdline: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe MD5: B5678475C3C15FDAFFF2C5C8B49D5DC1)
    • schtasks.exe (PID: 5752 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • bVgCuQEDo.exe (PID: 2288 cmdline: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe MD5: B5678475C3C15FDAFFF2C5C8B49D5DC1)
    • bVgCuQEDo.exe (PID: 2888 cmdline: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe MD5: B5678475C3C15FDAFFF2C5C8B49D5DC1)
    • bVgCuQEDo.exe (PID: 1920 cmdline: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe MD5: B5678475C3C15FDAFFF2C5C8B49D5DC1)
      • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • chkdsk.exe (PID: 908 cmdline: C:\Windows\SysWOW64\chkdsk.exe MD5: 2D5A2497CB57C374B3AE3080FF9186FB)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.mahalaburn.com/k0ud/"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x10050:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x8dd7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8bd5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x8681:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x8cd7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x8e4f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x78cc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xedc7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xfdba:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0xb0c9:$sqlite3step: 68 34 1C 7B E1
    • 0xbc41:$sqlite3step: 68 34 1C 7B E1
    • 0xb10b:$sqlite3text: 68 38 2A 90 C5
    • 0xbc86:$sqlite3text: 68 38 2A 90 C5
    • 0xb122:$sqlite3blob: 68 53 D8 7F 8C
    • 0xbc9c:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
      Click to see the 24 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpackJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpackINDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPasteDetects executables potentially checking for WinJail sandbox windowditekSHen
        • 0x2a83a:$v1: SbieDll.dll
        • 0x6dc90:$v1: SbieDll.dll
        • 0x2a854:$v2: USER
        • 0x6dce4:$v2: USER
        • 0x2a860:$v3: SANDBOX
        • 0x6dd2c:$v3: SANDBOX
        • 0x6df6c:$v3: SANDBOX
        • 0x2a872:$v4: VIRUS
        • 0x2a8c2:$v4: VIRUS
        • 0x6dd78:$v4: VIRUS
        • 0x6deea:$v4: VIRUS
        • 0x2a880:$v5: MALWARE
        • 0x6ddc0:$v5: MALWARE
        • 0x2a892:$v6: SCHMIDTI
        • 0x6de0c:$v6: SCHMIDTI
        • 0x2a8a6:$v7: CURRENTUSER
        • 0x6de5c:$v7: CURRENTUSER
        16.2.bVgCuQEDo.exe.2f10600.1.raw.unpackJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          16.2.bVgCuQEDo.exe.2f10600.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPasteDetects executables potentially checking for WinJail sandbox windowditekSHen
          • 0xd06a:$v1: SbieDll.dll
          • 0x504c0:$v1: SbieDll.dll
          • 0xd084:$v2: USER
          • 0x50514:$v2: USER
          • 0xd090:$v3: SANDBOX
          • 0x5055c:$v3: SANDBOX
          • 0x5079c:$v3: SANDBOX
          • 0xd0a2:$v4: VIRUS
          • 0xd0f2:$v4: VIRUS
          • 0x505a8:$v4: VIRUS
          • 0x5071a:$v4: VIRUS
          • 0xd0b0:$v5: MALWARE
          • 0x505f0:$v5: MALWARE
          • 0xd0c2:$v6: SCHMIDTI
          • 0x5063c:$v6: SCHMIDTI
          • 0xd0d6:$v7: CURRENTUSER
          • 0x5068c:$v7: CURRENTUSER
          0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpackJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
            Click to see the 3 entries

            Sigma Signatures

            Persistence and Installation Behavior

            barindex
            Sigma detected: Scheduled temp file as task from temp location
            Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, ParentProcessId: 5592, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp, ProcessId: 3728, ProcessName: schtasks.exe

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeReversingLabs: Detection: 34%
            Yara detected FormBook
            Source: Yara matchFile source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeReversingLabs: Detection: 34%
            Machine Learning detection for sample
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJoe Sandbox ML: detected
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJoe Sandbox ML: detected
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.mahalaburn.com/k0ud/"]}
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp

            Networking

            barindex
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: www.mahalaburn.com/k0ud/
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: explorer.exe, 00000018.00000000.405613153.000000000F270000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.474698963.0000000001425000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.364042098.0000000001425000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.439327241.0000000001425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.327538116.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coma%O
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.327538116.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comlvfet
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
            Source: 16.2.bVgCuQEDo.exe.2f10600.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2632f48.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
            Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000017.00000002.509702733.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe PID: 2136, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Process Memory Space: chkdsk.exe PID: 908, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
            Source: 16.2.bVgCuQEDo.exe.2f10600.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
            Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
            Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2632f48.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
            Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000017.00000002.509702733.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe PID: 2136, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Process Memory Space: chkdsk.exe PID: 908, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_0094C1640_2_0094C164
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_0094E5B00_2_0094E5B0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_0094E5A20_2_0094E5A2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC06E80_2_04AC06E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC28D10_2_04AC28D1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC942D0_2_04AC942D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC65890_2_04AC6589
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC65980_2_04AC6598
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC06D90_2_04AC06D9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC23200_2_04AC2320
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC23300_2_04AC2330
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC68290_2_04AC6829
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_04AC68380_2_04AC6838
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_07B907580_2_07B90758
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_07B907480_2_07B90748
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeCode function: 16_2_013FC16416_2_013FC164
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeCode function: 16_2_013FE5B016_2_013FE5B0
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeCode function: 16_2_013FE5A316_2_013FE5A3
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeCode function: 16_2_085F004016_2_085F0040
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeCode function: 16_2_085F003116_2_085F0031
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108F90018_2_0108F900
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A412018_2_010A4120
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114100218_2_01141002
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115E82418_2_0115E824
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA83018_2_010AA830
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B09018_2_0109B090
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A018_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011520A818_2_011520A8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011528EC18_2_011528EC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA30918_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114231B18_2_0114231B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01152B2818_2_01152B28
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AAB4018_2_010AAB40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0112CB4F18_2_0112CB4F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B138B18_2_010B138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AEB9A18_2_010AEB9A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0112EB8A18_2_0112EB8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BEBB018_2_010BEBB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114DBD218_2_0114DBD2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011403DA18_2_011403DA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BABD818_2_010BABD8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010D8BE818_2_010D8BE8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011323E318_2_011323E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0113FA2B18_2_0113FA2B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB23618_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011522AE18_2_011522AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011532A918_2_011532A9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114E2C518_2_0114E2C5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01152D0718_2_01152D07
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01080D2018_2_01080D20
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01151D5518_2_01151D55
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D8218_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B65A018_2_010B65A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011525DD18_2_011525DD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109D5E018_2_0109D5E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109841F18_2_0109841F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114D46618_2_0114D466
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB47718_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114449618_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115DFCE18_2_0115DFCE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01151FF118_2_01151FF1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011467E218_2_011467E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114D61618_2_0114D616
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A560018_2_010A5600
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A6E3018_2_010A6E30
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01131EB618_2_01131EB6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01152EF718_2_01152EF7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004012A418_2_004012A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0042292618_2_00422926
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0042134018_2_00421340
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0040B43718_2_0040B437
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004044C718_2_004044C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004044BE18_2_004044BE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0042251418_2_00422514
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004215DC18_2_004215DC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0040FE6718_2_0040FE67
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004046E718_2_004046E7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: String function: 0108B150 appears 154 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: String function: 01115720 appears 38 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: String function: 010DD08C appears 37 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9860 NtQuerySystemInformation,LdrInitializeThunk,18_2_010C9860
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9660 NtAllocateVirtualMemory,LdrInitializeThunk,18_2_010C9660
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C96E0 NtFreeVirtualMemory,LdrInitializeThunk,18_2_010C96E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9910 NtAdjustPrivilegesToken,18_2_010C9910
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9950 NtQueueApcThread,18_2_010C9950
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C99A0 NtCreateSection,18_2_010C99A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C99D0 NtCreateProcessEx,18_2_010C99D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9820 NtEnumerateKey,18_2_010C9820
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010CB040 NtSuspendThread,18_2_010CB040
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9840 NtDelayExecution,18_2_010C9840
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C98A0 NtWriteVirtualMemory,18_2_010C98A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C98F0 NtReadVirtualMemory,18_2_010C98F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9B00 NtSetValueKey,18_2_010C9B00
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010CA3B0 NtGetContextThread,18_2_010CA3B0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9A00 NtProtectVirtualMemory,18_2_010C9A00
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9A10 NtQuerySection,18_2_010C9A10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9A20 NtResumeThread,18_2_010C9A20
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9A50 NtCreateFile,18_2_010C9A50
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9A80 NtOpenDirectoryObject,18_2_010C9A80
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9520 NtWaitForSingleObject,18_2_010C9520
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010CAD30 NtSetContextThread,18_2_010CAD30
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9540 NtReadFile,18_2_010C9540
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9560 NtWriteFile,18_2_010C9560
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C95D0 NtClose,18_2_010C95D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C95F0 NtQueryInformationFile,18_2_010C95F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010CA710 NtOpenProcessToken,18_2_010CA710
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9710 NtQueryInformationToken,18_2_010C9710
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9730 NtQueryVirtualMemory,18_2_010C9730
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9760 NtOpenProcess,18_2_010C9760
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010CA770 NtOpenThread,18_2_010CA770
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9770 NtSetInformationFile,18_2_010C9770
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9780 NtMapViewOfSection,18_2_010C9780
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C97A0 NtUnmapViewOfSection,18_2_010C97A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9FE0 NtCreateMutant,18_2_010C9FE0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9610 NtEnumerateValueKey,18_2_010C9610
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9650 NtQueryValueKey,18_2_010C9650
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9670 NtQueryInformationProcess,18_2_010C9670
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C96D0 NtCreateKey,18_2_010C96D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041E067 NtAllocateVirtualMemory,18_2_0041E067
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004012A4 NtProtectVirtualMemory,18_2_004012A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DE87 NtCreateFile,18_2_0041DE87
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DF37 NtReadFile,18_2_0041DF37
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DFB7 NtClose,18_2_0041DFB7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041E062 NtAllocateVirtualMemory,18_2_0041E062
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004014E9 NtProtectVirtualMemory,18_2_004014E9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DED9 NtReadFile,18_2_0041DED9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DE81 NtCreateFile,18_2_0041DE81
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DF81 NtReadFile,18_2_0041DF81
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334117112.0000000004AF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.336275341.0000000006CB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334036482.0000000004AD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265911908.0000000000104000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameiKkH.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.328757871.0000000000FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.325498544.0000000000E3B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeBinary or memory string: OriginalFilenameiKkH.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: bVgCuQEDo.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeReversingLabs: Detection: 34%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJump to behavior
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmpJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmpJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeFile created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeFile created: C:\Users\user\AppData\Local\Temp\tmpA32E.tmpJump to behavior
            Source: classification engineClassification label: mal100.troj.evad.winEXE@23/11@0/0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265756583.0000000000022000.00000002.00000001.01000000.00000003.sdmp, bVgCuQEDo.exe.0.drBinary or memory string: insert into User_Transportation(UserID,TransportationID) values (@UserID,@TransID);
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265756583.0000000000022000.00000002.00000001.01000000.00000003.sdmp, bVgCuQEDo.exe.0.drBinary or memory string: insert into TourPlace(Name,Location,TicketPrice) values (@name,@location,@ticket);
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265756583.0000000000022000.00000002.00000001.01000000.00000003.sdmp, bVgCuQEDo.exe.0.drBinary or memory string: insert into User_TourPlace(UserID,TourPlaceID) values (@UserID,@TourplaceID);
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4272:120:WilError_01
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeMutant created: \Sessions\1\BaseNamedObjects\hJsqLKixTYpYBEkvNIEUwIPhHoo
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1400:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2680:120:WilError_01
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeString found in binary or memory: AddUserButton'AddUserPhoneTextbox'AdduserEmailtextbox-Adduserpasswordtextbox
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeString found in binary or memory: Username:-AddusertextBoxUsernameCash
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 0_2_0094F972 pushad ; iretd 0_2_0094F979
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeCode function: 16_2_013FF973 pushad ; iretd 16_2_013FF979
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010DD0D1 push ecx; ret 18_2_010DD0E4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0042107C push eax; ret 18_2_004210CF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041A0CB push ecx; iretd 18_2_0041A0CC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004210C9 push eax; ret 18_2_004210CF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004210D2 push eax; ret 18_2_00421139
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0042209F push ebx; ret 18_2_004220A1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_00422926 push ebp; ret 18_2_00422DD3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_00421133 push eax; ret 18_2_00421139
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_004199F7 push edi; iretd 18_2_004199F8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0040A30B push esp; ret 18_2_0040A311
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_00405428 push ss; iretd 18_2_00405431
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_00421CB3 push edx; iretd 18_2_00421CBA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_00419E1A push cs; ret 18_2_00419E1B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0041DFE1 push es; retf 18_2_0041DFE2
            Source: initial sampleStatic PE information: section name: .text entropy: 7.649605681917304
            Source: initial sampleStatic PE information: section name: .text entropy: 7.649605681917304
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeFile created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to dropped file

            Boot Survival

            barindex
            Uses schtasks.exe or at.exe to add and modify task schedules
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: 16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 16.2.bVgCuQEDo.exe.2f10600.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2632f48.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe PID: 5592, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: bVgCuQEDo.exe PID: 1500, type: MEMORYSTR
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe TID: 5576Thread sleep time: -38122s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe TID: 5596Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5752Thread sleep time: -3689348814741908s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2108Thread sleep count: 8818 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5928Thread sleep time: -4611686018427385s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe TID: 1536Thread sleep time: -38122s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe TID: 6132Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B6B90 rdtsc 18_2_010B6B90
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8610Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8818Jump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: IdentifierJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0Jump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeAPI coverage: 1.7 %
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeThread delayed: delay time: 38122Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeThread delayed: delay time: 38122Jump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000003.308065715.000000000079F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
            Source: explorer.exe, 00000018.00000000.451335841.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
            Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000003.308065715.000000000079F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareE673__12Win32_VideoController1222RG_1VideoController120060621000000.000000-000.902.201display.infMSBDA53Z6XYTLPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsCKBN36KZ
            Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
            Source: bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #l"SOFTWARE\VMware, Inc.\VMware Tools
            Source: bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
            Source: explorer.exe, 00000018.00000000.389248876.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
            Source: explorer.exe, 00000018.00000000.451335841.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
            Source: explorer.exe, 00000018.00000000.450556289.0000000008FD3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
            Source: explorer.exe, 00000018.00000000.451335841.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
            Source: explorer.exe, 00000018.00000000.477722712.0000000005063000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
            Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
            Source: bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: explorer.exe, 00000018.00000000.450556289.0000000008FD3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
            Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: explorer.exe, 00000018.00000000.492885633.000000000F62F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Mail
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B6B90 rdtsc 18_2_010B6B90
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089100 mov eax, dword ptr fs:[00000030h]18_2_01089100
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089100 mov eax, dword ptr fs:[00000030h]18_2_01089100
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089100 mov eax, dword ptr fs:[00000030h]18_2_01089100
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h]18_2_010A4120
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h]18_2_010A4120
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h]18_2_010A4120
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h]18_2_010A4120
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A4120 mov ecx, dword ptr fs:[00000030h]18_2_010A4120
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083138 mov ecx, dword ptr fs:[00000030h]18_2_01083138
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B513A mov eax, dword ptr fs:[00000030h]18_2_010B513A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B513A mov eax, dword ptr fs:[00000030h]18_2_010B513A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141951 mov eax, dword ptr fs:[00000030h]18_2_01141951
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB944 mov eax, dword ptr fs:[00000030h]18_2_010AB944
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB944 mov eax, dword ptr fs:[00000030h]18_2_010AB944
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108395E mov eax, dword ptr fs:[00000030h]18_2_0108395E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108395E mov eax, dword ptr fs:[00000030h]18_2_0108395E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108C962 mov eax, dword ptr fs:[00000030h]18_2_0108C962
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158966 mov eax, dword ptr fs:[00000030h]18_2_01158966
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114E962 mov eax, dword ptr fs:[00000030h]18_2_0114E962
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108B171 mov eax, dword ptr fs:[00000030h]18_2_0108B171
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108B171 mov eax, dword ptr fs:[00000030h]18_2_0108B171
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AC182 mov eax, dword ptr fs:[00000030h]18_2_010AC182
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BA185 mov eax, dword ptr fs:[00000030h]18_2_010BA185
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108519E mov eax, dword ptr fs:[00000030h]18_2_0108519E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108519E mov ecx, dword ptr fs:[00000030h]18_2_0108519E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B2990 mov eax, dword ptr fs:[00000030h]18_2_010B2990
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4190 mov eax, dword ptr fs:[00000030h]18_2_010B4190
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114A189 mov eax, dword ptr fs:[00000030h]18_2_0114A189
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114A189 mov ecx, dword ptr fs:[00000030h]18_2_0114A189
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B61A0 mov eax, dword ptr fs:[00000030h]18_2_010B61A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B61A0 mov eax, dword ptr fs:[00000030h]18_2_010B61A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011051BE mov eax, dword ptr fs:[00000030h]18_2_011051BE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011051BE mov eax, dword ptr fs:[00000030h]18_2_011051BE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011051BE mov eax, dword ptr fs:[00000030h]18_2_011051BE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011051BE mov eax, dword ptr fs:[00000030h]18_2_011051BE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h]18_2_011449A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h]18_2_011449A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h]18_2_011449A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h]18_2_011449A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h]18_2_010A99BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011069A6 mov eax, dword ptr fs:[00000030h]18_2_011069A6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011419D8 mov eax, dword ptr fs:[00000030h]18_2_011419D8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010831E0 mov eax, dword ptr fs:[00000030h]18_2_010831E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108B1E1 mov eax, dword ptr fs:[00000030h]18_2_0108B1E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108B1E1 mov eax, dword ptr fs:[00000030h]18_2_0108B1E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108B1E1 mov eax, dword ptr fs:[00000030h]18_2_0108B1E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011141E8 mov eax, dword ptr fs:[00000030h]18_2_011141E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01154015 mov eax, dword ptr fs:[00000030h]18_2_01154015
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01154015 mov eax, dword ptr fs:[00000030h]18_2_01154015
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01107016 mov eax, dword ptr fs:[00000030h]18_2_01107016
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01107016 mov eax, dword ptr fs:[00000030h]18_2_01107016
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01107016 mov eax, dword ptr fs:[00000030h]18_2_01107016
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h]18_2_0109B02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h]18_2_0109B02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h]18_2_0109B02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h]18_2_0109B02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B002D mov eax, dword ptr fs:[00000030h]18_2_010B002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B002D mov eax, dword ptr fs:[00000030h]18_2_010B002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B002D mov eax, dword ptr fs:[00000030h]18_2_010B002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B002D mov eax, dword ptr fs:[00000030h]18_2_010B002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B002D mov eax, dword ptr fs:[00000030h]18_2_010B002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h]18_2_010AA830
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h]18_2_010AA830
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h]18_2_010AA830
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h]18_2_010AA830
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141843 mov eax, dword ptr fs:[00000030h]18_2_01141843
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085050 mov eax, dword ptr fs:[00000030h]18_2_01085050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085050 mov eax, dword ptr fs:[00000030h]18_2_01085050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085050 mov eax, dword ptr fs:[00000030h]18_2_01085050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A0050 mov eax, dword ptr fs:[00000030h]18_2_010A0050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A0050 mov eax, dword ptr fs:[00000030h]18_2_010A0050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01151074 mov eax, dword ptr fs:[00000030h]18_2_01151074
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142073 mov eax, dword ptr fs:[00000030h]18_2_01142073
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AF86D mov eax, dword ptr fs:[00000030h]18_2_010AF86D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089080 mov eax, dword ptr fs:[00000030h]18_2_01089080
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083880 mov eax, dword ptr fs:[00000030h]18_2_01083880
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083880 mov eax, dword ptr fs:[00000030h]18_2_01083880
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01103884 mov eax, dword ptr fs:[00000030h]18_2_01103884
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01103884 mov eax, dword ptr fs:[00000030h]18_2_01103884
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C90AF mov eax, dword ptr fs:[00000030h]18_2_010C90AF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h]18_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h]18_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h]18_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h]18_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h]18_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h]18_2_010B20A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BF0BF mov ecx, dword ptr fs:[00000030h]18_2_010BF0BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BF0BF mov eax, dword ptr fs:[00000030h]18_2_010BF0BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BF0BF mov eax, dword ptr fs:[00000030h]18_2_010BF0BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h]18_2_0111B8D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111B8D0 mov ecx, dword ptr fs:[00000030h]18_2_0111B8D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h]18_2_0111B8D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h]18_2_0111B8D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h]18_2_0111B8D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h]18_2_0111B8D0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011418CA mov eax, dword ptr fs:[00000030h]18_2_011418CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010858EC mov eax, dword ptr fs:[00000030h]18_2_010858EC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010840E1 mov eax, dword ptr fs:[00000030h]18_2_010840E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010840E1 mov eax, dword ptr fs:[00000030h]18_2_010840E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010840E1 mov eax, dword ptr fs:[00000030h]18_2_010840E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB8E4 mov eax, dword ptr fs:[00000030h]18_2_010AB8E4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB8E4 mov eax, dword ptr fs:[00000030h]18_2_010AB8E4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h]18_2_010AA309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114131B mov eax, dword ptr fs:[00000030h]18_2_0114131B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108DB40 mov eax, dword ptr fs:[00000030h]18_2_0108DB40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158B58 mov eax, dword ptr fs:[00000030h]18_2_01158B58
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108F358 mov eax, dword ptr fs:[00000030h]18_2_0108F358
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h]18_2_010B3B5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h]18_2_010B3B5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h]18_2_010B3B5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h]18_2_010B3B5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108DB60 mov ecx, dword ptr fs:[00000030h]18_2_0108DB60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3B7A mov eax, dword ptr fs:[00000030h]18_2_010B3B7A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3B7A mov eax, dword ptr fs:[00000030h]18_2_010B3B7A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109F370 mov eax, dword ptr fs:[00000030h]18_2_0109F370
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109F370 mov eax, dword ptr fs:[00000030h]18_2_0109F370
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109F370 mov eax, dword ptr fs:[00000030h]18_2_0109F370
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B138B mov eax, dword ptr fs:[00000030h]18_2_010B138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B138B mov eax, dword ptr fs:[00000030h]18_2_010B138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B138B mov eax, dword ptr fs:[00000030h]18_2_010B138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01091B8F mov eax, dword ptr fs:[00000030h]18_2_01091B8F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01091B8F mov eax, dword ptr fs:[00000030h]18_2_01091B8F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AEB9A mov eax, dword ptr fs:[00000030h]18_2_010AEB9A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AEB9A mov eax, dword ptr fs:[00000030h]18_2_010AEB9A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0113D380 mov ecx, dword ptr fs:[00000030h]18_2_0113D380
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0112EB8A mov ecx, dword ptr fs:[00000030h]18_2_0112EB8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0112EB8A mov eax, dword ptr fs:[00000030h]18_2_0112EB8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0112EB8A mov eax, dword ptr fs:[00000030h]18_2_0112EB8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0112EB8A mov eax, dword ptr fs:[00000030h]18_2_0112EB8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BB390 mov eax, dword ptr fs:[00000030h]18_2_010BB390
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B2397 mov eax, dword ptr fs:[00000030h]18_2_010B2397
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084B94 mov edi, dword ptr fs:[00000030h]18_2_01084B94
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114138A mov eax, dword ptr fs:[00000030h]18_2_0114138A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158BB6 mov eax, dword ptr fs:[00000030h]18_2_01158BB6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4BAD mov eax, dword ptr fs:[00000030h]18_2_010B4BAD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4BAD mov eax, dword ptr fs:[00000030h]18_2_010B4BAD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4BAD mov eax, dword ptr fs:[00000030h]18_2_010B4BAD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01159BBE mov eax, dword ptr fs:[00000030h]18_2_01159BBE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01155BA5 mov eax, dword ptr fs:[00000030h]18_2_01155BA5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141BA8 mov eax, dword ptr fs:[00000030h]18_2_01141BA8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B53C5 mov eax, dword ptr fs:[00000030h]18_2_010B53C5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011053CA mov eax, dword ptr fs:[00000030h]18_2_011053CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011053CA mov eax, dword ptr fs:[00000030h]18_2_011053CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01081BE9 mov eax, dword ptr fs:[00000030h]18_2_01081BE9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010ADBE9 mov eax, dword ptr fs:[00000030h]18_2_010ADBE9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h]18_2_010B03E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h]18_2_010B03E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h]18_2_010B03E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h]18_2_010B03E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h]18_2_010B03E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h]18_2_010B03E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011323E3 mov ecx, dword ptr fs:[00000030h]18_2_011323E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011323E3 mov ecx, dword ptr fs:[00000030h]18_2_011323E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011323E3 mov eax, dword ptr fs:[00000030h]18_2_011323E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114AA16 mov eax, dword ptr fs:[00000030h]18_2_0114AA16
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114AA16 mov eax, dword ptr fs:[00000030h]18_2_0114AA16
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01098A0A mov eax, dword ptr fs:[00000030h]18_2_01098A0A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A3A1C mov eax, dword ptr fs:[00000030h]18_2_010A3A1C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085210 mov eax, dword ptr fs:[00000030h]18_2_01085210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085210 mov ecx, dword ptr fs:[00000030h]18_2_01085210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085210 mov eax, dword ptr fs:[00000030h]18_2_01085210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085210 mov eax, dword ptr fs:[00000030h]18_2_01085210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108AA16 mov eax, dword ptr fs:[00000030h]18_2_0108AA16
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108AA16 mov eax, dword ptr fs:[00000030h]18_2_0108AA16
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C4A2C mov eax, dword ptr fs:[00000030h]18_2_010C4A2C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C4A2C mov eax, dword ptr fs:[00000030h]18_2_010C4A2C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h]18_2_010AA229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084A20 mov eax, dword ptr fs:[00000030h]18_2_01084A20
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084A20 mov eax, dword ptr fs:[00000030h]18_2_01084A20
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01088239 mov eax, dword ptr fs:[00000030h]18_2_01088239
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01088239 mov eax, dword ptr fs:[00000030h]18_2_01088239
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01088239 mov eax, dword ptr fs:[00000030h]18_2_01088239
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h]18_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h]18_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h]18_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h]18_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h]18_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h]18_2_010AB236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141229 mov eax, dword ptr fs:[00000030h]18_2_01141229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114EA55 mov eax, dword ptr fs:[00000030h]18_2_0114EA55
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01114257 mov eax, dword ptr fs:[00000030h]18_2_01114257
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089240 mov eax, dword ptr fs:[00000030h]18_2_01089240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089240 mov eax, dword ptr fs:[00000030h]18_2_01089240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089240 mov eax, dword ptr fs:[00000030h]18_2_01089240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01089240 mov eax, dword ptr fs:[00000030h]18_2_01089240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141A5F mov eax, dword ptr fs:[00000030h]18_2_01141A5F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C5A69 mov eax, dword ptr fs:[00000030h]18_2_010C5A69
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C5A69 mov eax, dword ptr fs:[00000030h]18_2_010C5A69
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C5A69 mov eax, dword ptr fs:[00000030h]18_2_010C5A69
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0113B260 mov eax, dword ptr fs:[00000030h]18_2_0113B260
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0113B260 mov eax, dword ptr fs:[00000030h]18_2_0113B260
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C927A mov eax, dword ptr fs:[00000030h]18_2_010C927A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158A62 mov eax, dword ptr fs:[00000030h]18_2_01158A62
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114129A mov eax, dword ptr fs:[00000030h]18_2_0114129A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BD294 mov eax, dword ptr fs:[00000030h]18_2_010BD294
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BD294 mov eax, dword ptr fs:[00000030h]18_2_010BD294
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01081AA0 mov eax, dword ptr fs:[00000030h]18_2_01081AA0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B5AA0 mov eax, dword ptr fs:[00000030h]18_2_010B5AA0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B5AA0 mov eax, dword ptr fs:[00000030h]18_2_010B5AA0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h]18_2_010852A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h]18_2_010852A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h]18_2_010852A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h]18_2_010852A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h]18_2_010852A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B12BD mov esi, dword ptr fs:[00000030h]18_2_010B12BD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B12BD mov eax, dword ptr fs:[00000030h]18_2_010B12BD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B12BD mov eax, dword ptr fs:[00000030h]18_2_010B12BD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109AAB0 mov eax, dword ptr fs:[00000030h]18_2_0109AAB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109AAB0 mov eax, dword ptr fs:[00000030h]18_2_0109AAB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BFAB0 mov eax, dword ptr fs:[00000030h]18_2_010BFAB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B2ACB mov eax, dword ptr fs:[00000030h]18_2_010B2ACB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083ACA mov eax, dword ptr fs:[00000030h]18_2_01083ACA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085AC0 mov eax, dword ptr fs:[00000030h]18_2_01085AC0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085AC0 mov eax, dword ptr fs:[00000030h]18_2_01085AC0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01085AC0 mov eax, dword ptr fs:[00000030h]18_2_01085AC0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010812D4 mov eax, dword ptr fs:[00000030h]18_2_010812D4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B2AE4 mov eax, dword ptr fs:[00000030h]18_2_010B2AE4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h]18_2_01144AEF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01143518 mov eax, dword ptr fs:[00000030h]18_2_01143518
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01143518 mov eax, dword ptr fs:[00000030h]18_2_01143518
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01143518 mov eax, dword ptr fs:[00000030h]18_2_01143518
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158D34 mov eax, dword ptr fs:[00000030h]18_2_01158D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0110A537 mov eax, dword ptr fs:[00000030h]18_2_0110A537
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BF527 mov eax, dword ptr fs:[00000030h]18_2_010BF527
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BF527 mov eax, dword ptr fs:[00000030h]18_2_010BF527
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BF527 mov eax, dword ptr fs:[00000030h]18_2_010BF527
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114E539 mov eax, dword ptr fs:[00000030h]18_2_0114E539
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4D3B mov eax, dword ptr fs:[00000030h]18_2_010B4D3B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4D3B mov eax, dword ptr fs:[00000030h]18_2_010B4D3B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4D3B mov eax, dword ptr fs:[00000030h]18_2_010B4D3B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108AD30 mov eax, dword ptr fs:[00000030h]18_2_0108AD30
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h]18_2_01093D34
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108354C mov eax, dword ptr fs:[00000030h]18_2_0108354C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108354C mov eax, dword ptr fs:[00000030h]18_2_0108354C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C3D43 mov eax, dword ptr fs:[00000030h]18_2_010C3D43
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01103540 mov eax, dword ptr fs:[00000030h]18_2_01103540
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01133D40 mov eax, dword ptr fs:[00000030h]18_2_01133D40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A7D50 mov eax, dword ptr fs:[00000030h]18_2_010A7D50
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C4D51 mov eax, dword ptr fs:[00000030h]18_2_010C4D51
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C4D51 mov eax, dword ptr fs:[00000030h]18_2_010C4D51
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h]18_2_010A8D76
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h]18_2_010A8D76
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h]18_2_010A8D76
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h]18_2_010A8D76
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h]18_2_010A8D76
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AC577 mov eax, dword ptr fs:[00000030h]18_2_010AC577
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AC577 mov eax, dword ptr fs:[00000030h]18_2_010AC577
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h]18_2_01082D8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h]18_2_01082D8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h]18_2_01082D8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h]18_2_01082D8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h]18_2_01082D8A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BFD9B mov eax, dword ptr fs:[00000030h]18_2_010BFD9B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BFD9B mov eax, dword ptr fs:[00000030h]18_2_010BFD9B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h]18_2_0114B581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h]18_2_0114B581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h]18_2_0114B581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h]18_2_0114B581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h]18_2_01142D82
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083591 mov eax, dword ptr fs:[00000030h]18_2_01083591
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B35A1 mov eax, dword ptr fs:[00000030h]18_2_010B35A1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B65A0 mov eax, dword ptr fs:[00000030h]18_2_010B65A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B65A0 mov eax, dword ptr fs:[00000030h]18_2_010B65A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B65A0 mov eax, dword ptr fs:[00000030h]18_2_010B65A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011505AC mov eax, dword ptr fs:[00000030h]18_2_011505AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011505AC mov eax, dword ptr fs:[00000030h]18_2_011505AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B1DB5 mov eax, dword ptr fs:[00000030h]18_2_010B1DB5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B1DB5 mov eax, dword ptr fs:[00000030h]18_2_010B1DB5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B1DB5 mov eax, dword ptr fs:[00000030h]18_2_010B1DB5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0113FDD3 mov eax, dword ptr fs:[00000030h]18_2_0113FDD3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010815C1 mov eax, dword ptr fs:[00000030h]18_2_010815C1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h]18_2_01106DC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h]18_2_01106DC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h]18_2_01106DC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106DC9 mov ecx, dword ptr fs:[00000030h]18_2_01106DC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h]18_2_01106DC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h]18_2_01106DC9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01138DF1 mov eax, dword ptr fs:[00000030h]18_2_01138DF1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109D5E0 mov eax, dword ptr fs:[00000030h]18_2_0109D5E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109D5E0 mov eax, dword ptr fs:[00000030h]18_2_0109D5E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h]18_2_0114FDE2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h]18_2_0114FDE2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h]18_2_0114FDE2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h]18_2_0114FDE2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010895F0 mov eax, dword ptr fs:[00000030h]18_2_010895F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010895F0 mov ecx, dword ptr fs:[00000030h]18_2_010895F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158C14 mov eax, dword ptr fs:[00000030h]18_2_01158C14
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h]18_2_01141C06
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115740D mov eax, dword ptr fs:[00000030h]18_2_0115740D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115740D mov eax, dword ptr fs:[00000030h]18_2_0115740D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115740D mov eax, dword ptr fs:[00000030h]18_2_0115740D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h]18_2_01106C0A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h]18_2_01106C0A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h]18_2_01106C0A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h]18_2_01106C0A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BBC2C mov eax, dword ptr fs:[00000030h]18_2_010BBC2C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084439 mov eax, dword ptr fs:[00000030h]18_2_01084439
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3C3E mov eax, dword ptr fs:[00000030h]18_2_010B3C3E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3C3E mov eax, dword ptr fs:[00000030h]18_2_010B3C3E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3C3E mov eax, dword ptr fs:[00000030h]18_2_010B3C3E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B433 mov eax, dword ptr fs:[00000030h]18_2_0109B433
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B433 mov eax, dword ptr fs:[00000030h]18_2_0109B433
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109B433 mov eax, dword ptr fs:[00000030h]18_2_0109B433
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BA44B mov eax, dword ptr fs:[00000030h]18_2_010BA44B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111C450 mov eax, dword ptr fs:[00000030h]18_2_0111C450
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111C450 mov eax, dword ptr fs:[00000030h]18_2_0111C450
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158C75 mov eax, dword ptr fs:[00000030h]18_2_01158C75
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A746D mov eax, dword ptr fs:[00000030h]18_2_010A746D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h]18_2_010BAC7B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C5C70 mov eax, dword ptr fs:[00000030h]18_2_010C5C70
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h]18_2_010AB477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01144496 mov eax, dword ptr fs:[00000030h]18_2_01144496
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01081480 mov eax, dword ptr fs:[00000030h]18_2_01081480
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109849B mov eax, dword ptr fs:[00000030h]18_2_0109849B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108649B mov eax, dword ptr fs:[00000030h]18_2_0108649B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108649B mov eax, dword ptr fs:[00000030h]18_2_0108649B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084CB0 mov eax, dword ptr fs:[00000030h]18_2_01084CB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158CD6 mov eax, dword ptr fs:[00000030h]18_2_01158CD6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082CDB mov eax, dword ptr fs:[00000030h]18_2_01082CDB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106CF0 mov eax, dword ptr fs:[00000030h]18_2_01106CF0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106CF0 mov eax, dword ptr fs:[00000030h]18_2_01106CF0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01106CF0 mov eax, dword ptr fs:[00000030h]18_2_01106CF0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011414FB mov eax, dword ptr fs:[00000030h]18_2_011414FB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111FF10 mov eax, dword ptr fs:[00000030h]18_2_0111FF10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0111FF10 mov eax, dword ptr fs:[00000030h]18_2_0111FF10
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BA70E mov eax, dword ptr fs:[00000030h]18_2_010BA70E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BA70E mov eax, dword ptr fs:[00000030h]18_2_010BA70E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115070D mov eax, dword ptr fs:[00000030h]18_2_0115070D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0115070D mov eax, dword ptr fs:[00000030h]18_2_0115070D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B4710 mov eax, dword ptr fs:[00000030h]18_2_010B4710
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AF716 mov eax, dword ptr fs:[00000030h]18_2_010AF716
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084F2E mov eax, dword ptr fs:[00000030h]18_2_01084F2E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01084F2E mov eax, dword ptr fs:[00000030h]18_2_01084F2E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB73D mov eax, dword ptr fs:[00000030h]18_2_010AB73D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AB73D mov eax, dword ptr fs:[00000030h]18_2_010AB73D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B3F33 mov eax, dword ptr fs:[00000030h]18_2_010B3F33
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BE730 mov eax, dword ptr fs:[00000030h]18_2_010BE730
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01141751 mov eax, dword ptr fs:[00000030h]18_2_01141751
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010BDF4C mov eax, dword ptr fs:[00000030h]18_2_010BDF4C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109EF40 mov eax, dword ptr fs:[00000030h]18_2_0109EF40
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108A745 mov eax, dword ptr fs:[00000030h]18_2_0108A745
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0109FF60 mov eax, dword ptr fs:[00000030h]18_2_0109FF60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AE760 mov eax, dword ptr fs:[00000030h]18_2_010AE760
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010AE760 mov eax, dword ptr fs:[00000030h]18_2_010AE760
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01158F6A mov eax, dword ptr fs:[00000030h]18_2_01158F6A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01107794 mov eax, dword ptr fs:[00000030h]18_2_01107794
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01107794 mov eax, dword ptr fs:[00000030h]18_2_01107794
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01107794 mov eax, dword ptr fs:[00000030h]18_2_01107794
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01098794 mov eax, dword ptr fs:[00000030h]18_2_01098794
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov ecx, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h]18_2_01082FB0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_011417D2 mov eax, dword ptr fs:[00000030h]18_2_011417D2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083FC5 mov eax, dword ptr fs:[00000030h]18_2_01083FC5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083FC5 mov eax, dword ptr fs:[00000030h]18_2_01083FC5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01083FC5 mov eax, dword ptr fs:[00000030h]18_2_01083FC5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h]18_2_010B37EB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h]18_2_010A97ED
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C37F5 mov eax, dword ptr fs:[00000030h]18_2_010C37F5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_01112E14 mov eax, dword ptr fs:[00000030h]18_2_01112E14
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108C600 mov eax, dword ptr fs:[00000030h]18_2_0108C600
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108C600 mov eax, dword ptr fs:[00000030h]18_2_0108C600
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_0108C600 mov eax, dword ptr fs:[00000030h]18_2_0108C600
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010A5600 mov eax, dword ptr fs:[00000030h]18_2_010A5600
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\chkdsk.exeProcess queried: DebugPort
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeCode function: 18_2_010C9860 NtQuerySystemInformation,LdrInitializeThunk,18_2_010C9860
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Sample uses process hollowing technique
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeSection unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: C80000Jump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe base: 400000 value starts with: 4D5AJump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeThread register set: target process: 3452Jump to behavior
            Adds a directory exclusion to Windows Defender
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmpJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmpJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeProcess created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exeJump to behavior
            Source: explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.475446310.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.364838469.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerT7<=ge
            Source: explorer.exe, 00000018.00000000.482082204.0000000006770000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.400937623.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.475446310.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.364838469.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: explorer.exe, 00000018.00000000.438991980.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.474226196.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.362319149.0000000001378000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CProgmanile
            Source: explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.475446310.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.364838469.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeQueries volume information: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts1
            Windows Management Instrumentation            		1
            Scheduled Task/Job            		512
            Process Injection            		1
            Masquerading            		OS Credential Dumping331
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium1
            Encrypted Channel            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default Accounts2
            Command and Scripting Interpreter            		Boot or Logon Initialization Scripts1
            Scheduled Task/Job            		11
            Disable or Modify Tools            		LSASS Memory2
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
            Application Layer Protocol            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain Accounts1
            Scheduled Task/Job            		Logon Script (Windows)Logon Script (Windows)141
            Virtualization/Sandbox Evasion            		Security Account Manager141
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local Accounts1
            Shared Modules            		Logon Script (Mac)Logon Script (Mac)512
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets1
            File and Directory Discovery            		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common3
            Obfuscated Files or Information            		Cached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items2
            Software Packing            		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 756014 Sample: SecuriteInfo.com.Win32.Cryp... Startdate: 29/11/2022 Architecture: WINDOWS Score: 100 51 Malicious sample detected (through community Yara rule) 2->51 53 Sigma detected: Scheduled temp file as task from temp location 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 5 other signatures 2->57 8 bVgCuQEDo.exe 5 2->8         started        11 SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe 7 2->11         started        process3 file4 59 Multi AV Scanner detection for dropped file 8->59 61 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->61 63 Machine Learning detection for dropped file 8->63 14 bVgCuQEDo.exe 8->14         started        17 schtasks.exe 1 8->17         started        19 bVgCuQEDo.exe 8->19         started        21 bVgCuQEDo.exe 8->21         started        43 C:\Users\user\AppData\Roaming\bVgCuQEDo.exe, PE32 11->43 dropped 45 C:\Users\...\bVgCuQEDo.exe:Zone.Identifier, ASCII 11->45 dropped 47 C:\Users\user\AppData\Local\...\tmpA32E.tmp, XML 11->47 dropped 49 SecuriteInfo.com.W....22726.1920.exe.log, ASCII 11->49 dropped 65 Uses schtasks.exe or at.exe to add and modify task schedules 11->65 67 Adds a directory exclusion to Windows Defender 11->67 69 Injects a PE file into a foreign processes 11->69 23 powershell.exe 19 11->23         started        25 powershell.exe 19 11->25         started        27 schtasks.exe 1 11->27         started        29 SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe 11->29         started        signatures5 process6 signatures7 71 Modifies the context of a thread in another process (thread injection) 14->71 73 Maps a DLL or memory area into another process 14->73 75 Sample uses process hollowing technique 14->75 77 Queues an APC in another process (thread injection) 14->77 31 explorer.exe 14->31 injected 33 conhost.exe 17->33         started        35 conhost.exe 23->35         started        37 conhost.exe 25->37         started        39 conhost.exe 27->39         started        process8 process9 41 chkdsk.exe 31->41         started       

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe34%ReversingLabsByteCode-MSIL.Trojan.RemLoader
            SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Roaming\bVgCuQEDo.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Roaming\bVgCuQEDo.exe34%ReversingLabsByteCode-MSIL.Trojan.RemLoader

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            18.0.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.fontbureau.comlvfet0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe
            www.mahalaburn.com/k0ud/0%Avira URL Cloudsafe
            http://www.fontbureau.coma%O0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            www.mahalaburn.com/k0ud/true
            • Avira URL Cloud: safe
            		low

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000018.00000000.405613153.000000000F270000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.474698963.0000000001425000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.364042098.0000000001425000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.439327241.0000000001425000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://www.fontbureau.comSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.fontbureau.com/designersGSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.fontbureau.com/designers/?SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.founder.com.cn/cn/bTheSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers?SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.tiro.comSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designersSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.goodfont.co.krSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.carterandcone.comlSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.sajatypeworks.comSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.typography.netDSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers/cabarga.htmlNSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.founder.com.cn/cn/cTheSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.galapagosdesign.com/staff/dennis.htmSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://fontfabrik.comSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cnSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.fontbureau.comlvfetSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.327538116.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/DPleaseSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers8SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.fontbureau.coma%OSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.327538116.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		low
                                http://www.fonts.comSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.sandoll.co.krSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.urwpp.deDPleaseSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.zhongyicts.com.cnSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.sakkal.comSecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown

                                    World Map of Contacted IPs

                                    No contacted IP infos

                                    General Information

                                    Joe Sandbox Version:36.0.0 Rainbow Opal
                                    Analysis ID:756014
                                    Start date and time:2022-11-29 13:59:37 +01:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 10m 1s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:27
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:1
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@23/11@0/0
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HDC Information:
                                    • Successful, ratio: 52.6% (good quality ratio 47.3%)
                                    • Quality average: 74.4%
                                    • Quality standard deviation: 31.5%
                                    HCA Information:
                                    • Successful, ratio: 87%
                                    • Number of executed functions: 63
                                    • Number of non-executed functions: 246
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • VT rate limit hit for: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    14:00:49API Interceptor2x Sleep call for process: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe modified
                                    14:00:59API Interceptor74x Sleep call for process: powershell.exe modified
                                    14:01:05Task SchedulerRun new task: bVgCuQEDo path: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    14:01:12API Interceptor2x Sleep call for process: bVgCuQEDo.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASNs

                                    No context

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.log

                                    Download File
                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):1308
                                    Entropy (8bit):5.345811588615766
                                    Encrypted:false
                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                    MD5:2E016B886BDB8389D2DD0867BE55F87B
                                    SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                    SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                    SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                    Malicious:true
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\bVgCuQEDo.exe.log

                                    Download File
                                    Process:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1308
                                    Entropy (8bit):5.345811588615766
                                    Encrypted:false
                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                    MD5:2E016B886BDB8389D2DD0867BE55F87B
                                    SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                    SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                    SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                    Malicious:false
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):22004
                                    Entropy (8bit):5.5990339915304075
                                    Encrypted:false
                                    SSDEEP:384:dtCRGsPMqahOP07nYSjnSjuxbiV9ghSJ3uyq1+m0K1AVrdhstoA+inYb:mEqUOPoYoSSxjhcuSjhb
                                    MD5:9E6FE6CE3EC2053BDD9336BEBCEC7BFD
                                    SHA1:F16BA0E2A413B771831E4B475D96F68799E25626
                                    SHA-256:AA1C7C78727345DC5821A8C8A92A3D6BE656CDF0AB8CC873FB9B3A15734FBA82
                                    SHA-512:4BB21A20F3A192C49F5B580C9C6585923943EF1019CD54BF1EC175C86C8D21F1DBF04D32158600D4CCAC2081A6A9043ABD6BB20C5A9723E9156418A1FEA80E21
                                    Malicious:false
                                    Preview:@...e...........4...................:................@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fptjlsd3.wea.ps1

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Preview:1

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gym543un.edp.psm1

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Preview:1

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm30uqch.onq.psm1

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Preview:1

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vh10hp4k.web.ps1

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Preview:1

                                    C:\Users\user\AppData\Local\Temp\tmpA32E.tmp

                                    Download File
                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    File Type:XML 1.0 document, ASCII text
                                    Category:dropped
                                    Size (bytes):1596
                                    Entropy (8bit):5.152858960654771
                                    Encrypted:false
                                    SSDEEP:24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtGxvn:cge4MYrFdOFzOzN33ODOiDdKrsuTKv
                                    MD5:57E1BE44A6D2766E524D20545B4191F8
                                    SHA1:F1F39EB3ADCF81BD3D5EBF64E7357016327D3018
                                    SHA-256:5875F2790D53322F299C8A7719E1E262A58FF0C3BC8BC3CAD4A6B34886150816
                                    SHA-512:FDFE4992234A43974C4CA040D4F7042FE6F8C5D4088FC50E2ECE806ACB725F27A9B5E233AAF0F6F0F368FE9454CE7D0B50F3C90211BBC123BFE682898DB219A0
                                    Malicious:true
                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <

                                    C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp

                                    Download File
                                    Process:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    File Type:XML 1.0 document, ASCII text
                                    Category:dropped
                                    Size (bytes):1596
                                    Entropy (8bit):5.152858960654771
                                    Encrypted:false
                                    SSDEEP:24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtGxvn:cge4MYrFdOFzOzN33ODOiDdKrsuTKv
                                    MD5:57E1BE44A6D2766E524D20545B4191F8
                                    SHA1:F1F39EB3ADCF81BD3D5EBF64E7357016327D3018
                                    SHA-256:5875F2790D53322F299C8A7719E1E262A58FF0C3BC8BC3CAD4A6B34886150816
                                    SHA-512:FDFE4992234A43974C4CA040D4F7042FE6F8C5D4088FC50E2ECE806ACB725F27A9B5E233AAF0F6F0F368FE9454CE7D0B50F3C90211BBC123BFE682898DB219A0
                                    Malicious:false
                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <

                                    C:\Users\user\AppData\Roaming\bVgCuQEDo.exe

                                    Download File
                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):937472
                                    Entropy (8bit):7.626851498602256
                                    Encrypted:false
                                    SSDEEP:12288:B0dqU+0zR1NqFgVkN3kXsujtKtVrA8RssJk0cDe1Wa33JzysxUi59zDdzoa1cfN:KvFqgVAU8LrLq0vBhyLiTDdEPf
                                    MD5:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    SHA1:7407554011988292B3E3522E19EDB5532F21EE4E
                                    SHA-256:755C44B90198282D2494321B4CB18CAB7E4426EFD1B7F4A20F2A0793D68A2A1F
                                    SHA-512:05EB462D04FA52DC64781064305AAF73C960765E35F51EF3EEB87E81E25D2DBDCFE7E2C51840CCC4D25E61A7FFC4D0786232C115A395F5E94EABA9508088AECC
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 34%
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............0......B......2)... ...@....@.. ....................................@..................................(..O....@..\?........................................................................... ............... ..H............text...8.... ...................... ..`.rsrc...\?...@...@..................@..@.reloc...............L..............@..B.................)......H.......<...........l...8u..............................................^..}.....(.......(.....*.0...........s......o......(.....*...0...........s......o......(.....*...0...........s......o......(.....*...0...........s......o......(.....*...0..+.........,..{.......+....,...{....o........(.....*..0..r.............(....s......s....}.....s....}.....s....}.....s....}.....(......{....(....o......{.....o......{.....o .....{....r...p"..@A...s!...o".....{....(#...o$.....{.... .... ..

                                    C:\Users\user\AppData\Roaming\bVgCuQEDo.exe:Zone.Identifier

                                    Download File
                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):7.626851498602256
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    File size:937472
                                    MD5:b5678475c3c15fdafff2c5c8b49d5dc1
                                    SHA1:7407554011988292b3e3522e19edb5532f21ee4e
                                    SHA256:755c44b90198282d2494321b4cb18cab7e4426efd1b7f4a20f2a0793d68a2a1f
                                    SHA512:05eb462d04fa52dc64781064305aaf73c960765e35f51ef3eeb87e81e25d2dbdcfe7e2c51840ccc4d25e61a7ffc4d0786232c115a395f5e94eaba9508088aecc
                                    SSDEEP:12288:B0dqU+0zR1NqFgVkN3kXsujtKtVrA8RssJk0cDe1Wa33JzysxUi59zDdzoa1cfN:KvFqgVAU8LrLq0vBhyLiTDdEPf
                                    TLSH:E115DF9023B6AF71F1686BF27412904827B63C6E98F1D12D9DDDB0DE2672B4049F1B27
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............0......B......2)... ...@....@.. ....................................@................................

                                    File Icon

                                    Icon Hash:000c0c1f9b1b1f8c

                                    Static PE Info

                                    General

                                    Entrypoint:0x4e2932
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x6385B6A7 [Tue Nov 29 07:37:11 2022 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xe28e00x4f.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xe40000x3f5c.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xe80000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000xe09380xe0a00False0.8227318969115192data7.649605681917304IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc0xe40000x3f5c0x4000False0.34625244140625data4.701482416927951IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0xe80000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountry
                                    RT_ICON0xe41480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 7559 x 7559 px/m
                                    RT_ICON0xe45b00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 7559 x 7559 px/m
                                    RT_ICON0xe56580x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 7559 x 7559 px/m
                                    RT_GROUP_ICON0xe7c000x30data
                                    RT_VERSION0xe7c300x32cdata

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Network Behavior

                                    No network behavior found

                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:14:00:39
                                    Start date:29/11/2022
                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    Imagebase:0x20000
                                    File size:937472 bytes
                                    MD5 hash:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low

                                    General

                                    Target ID:10
                                    Start time:14:00:52
                                    Start date:29/11/2022
                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    Imagebase:0xb00000
                                    File size:430592 bytes
                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:high

                                    General

                                    Target ID:11
                                    Start time:14:00:53
                                    Start date:29/11/2022
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff745070000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    General

                                    Target ID:12
                                    Start time:14:01:00
                                    Start date:29/11/2022
                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Imagebase:0xb00000
                                    File size:430592 bytes
                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:high

                                    General

                                    Target ID:13
                                    Start time:14:01:00
                                    Start date:29/11/2022
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff745070000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    General

                                    Target ID:14
                                    Start time:14:01:00
                                    Start date:29/11/2022
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp
                                    Imagebase:0xfa0000
                                    File size:185856 bytes
                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    General

                                    Target ID:15
                                    Start time:14:01:01
                                    Start date:29/11/2022
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff745070000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    General

                                    Target ID:16
                                    Start time:14:01:05
                                    Start date:29/11/2022
                                    Path:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Imagebase:0xac0000
                                    File size:937472 bytes
                                    MD5 hash:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Antivirus matches:
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 34%, ReversingLabs

                                    General

                                    Target ID:18
                                    Start time:14:01:05
                                    Start date:29/11/2022
                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
                                    Imagebase:0x5c0000
                                    File size:937472 bytes
                                    MD5 hash:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                    General

                                    Target ID:19
                                    Start time:14:01:20
                                    Start date:29/11/2022
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp
                                    Imagebase:0xfa0000
                                    File size:185856 bytes
                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    General

                                    Target ID:20
                                    Start time:14:01:20
                                    Start date:29/11/2022
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff745070000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    General

                                    Target ID:21
                                    Start time:14:01:21
                                    Start date:29/11/2022
                                    Path:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Imagebase:0x2c0000
                                    File size:937472 bytes
                                    MD5 hash:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    General

                                    Target ID:22
                                    Start time:14:01:22
                                    Start date:29/11/2022
                                    Path:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Imagebase:0x300000
                                    File size:937472 bytes
                                    MD5 hash:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language

                                    General

                                    Target ID:23
                                    Start time:14:01:22
                                    Start date:29/11/2022
                                    Path:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
                                    Imagebase:0xe10000
                                    File size:937472 bytes
                                    MD5 hash:B5678475C3C15FDAFFF2C5C8B49D5DC1
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000017.00000002.509702733.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown

                                    General

                                    Target ID:24
                                    Start time:14:01:24
                                    Start date:29/11/2022
                                    Path:C:\Windows\explorer.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\Explorer.EXE
                                    Imagebase:0x7ff69fe90000
                                    File size:3933184 bytes
                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                    General

                                    Target ID:27
                                    Start time:14:02:26
                                    Start date:29/11/2022
                                    Path:C:\Windows\SysWOW64\chkdsk.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\chkdsk.exe
                                    Imagebase:0xc80000
                                    File size:23040 bytes
                                    MD5 hash:2D5A2497CB57C374B3AE3080FF9186FB
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:9.7%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:132
                                      Total number of Limit Nodes:9
                                      execution_graph 21738 9440d0 21739 9440e2 21738->21739 21740 9440ee 21739->21740 21744 9441e0 21739->21744 21749 943c64 21740->21749 21742 94410d 21745 944205 21744->21745 21753 9442e0 21745->21753 21757 9442d1 21745->21757 21750 943c6f 21749->21750 21765 9451a4 21750->21765 21752 946a50 21752->21742 21755 944307 21753->21755 21754 9443e4 21754->21754 21755->21754 21761 943de4 21755->21761 21759 944307 21757->21759 21758 9443e4 21758->21758 21759->21758 21760 943de4 CreateActCtxA 21759->21760 21760->21758 21762 945370 CreateActCtxA 21761->21762 21764 945433 21762->21764 21766 9451af 21765->21766 21769 9457f8 21766->21769 21768 946af5 21768->21752 21770 945803 21769->21770 21773 945828 21770->21773 21772 946bda 21772->21768 21774 945833 21773->21774 21777 945858 21774->21777 21776 946cca 21776->21772 21779 945863 21777->21779 21778 94741c 21778->21776 21779->21778 21781 94b2f0 21779->21781 21782 94b321 21781->21782 21783 94b345 21782->21783 21786 94b5b8 21782->21786 21790 94b5a9 21782->21790 21783->21778 21788 94b5c5 21786->21788 21787 94b5ff 21787->21783 21788->21787 21795 9497b8 21788->21795 21791 94b525 21790->21791 21793 94b5b2 21790->21793 21792 94b5ff 21792->21783 21793->21792 21794 9497b8 LoadLibraryExW 21793->21794 21794->21792 21796 9497c3 21795->21796 21797 94c2f8 21796->21797 21799 949880 21796->21799 21800 94988b 21799->21800 21801 94c367 21800->21801 21802 945858 LoadLibraryExW 21800->21802 21803 94c375 21801->21803 21808 94c3d0 21801->21808 21802->21801 21814 94e0e8 21803->21814 21820 94e0d8 21803->21820 21804 94c3a0 21804->21797 21809 94c383 21808->21809 21811 94c3d6 21808->21811 21812 94e0d8 LoadLibraryExW 21809->21812 21813 94e0e8 LoadLibraryExW 21809->21813 21810 94c3a0 21810->21803 21812->21810 21813->21810 21816 94e165 21814->21816 21817 94e119 21814->21817 21815 94e125 21815->21804 21816->21804 21817->21815 21818 94e558 LoadLibraryExW 21817->21818 21819 94e568 LoadLibraryExW 21817->21819 21818->21816 21819->21816 21822 94e119 21820->21822 21823 94e165 21820->21823 21821 94e125 21821->21804 21822->21821 21824 94e558 LoadLibraryExW 21822->21824 21825 94e568 LoadLibraryExW 21822->21825 21823->21804 21824->21823 21825->21823 21826 9491d0 21830 9492b8 21826->21830 21835 9492c8 21826->21835 21827 9491df 21831 9492db 21830->21831 21832 9492eb 21831->21832 21840 949958 21831->21840 21844 949948 21831->21844 21832->21827 21836 9492db 21835->21836 21837 9492eb 21836->21837 21838 949958 LoadLibraryExW 21836->21838 21839 949948 LoadLibraryExW 21836->21839 21837->21827 21838->21837 21839->21837 21841 94996c 21840->21841 21843 949991 21841->21843 21848 9494b8 21841->21848 21843->21832 21845 94996c 21844->21845 21846 949991 21845->21846 21847 9494b8 LoadLibraryExW 21845->21847 21846->21832 21847->21846 21849 949b38 LoadLibraryExW 21848->21849 21851 949bb1 21849->21851 21851->21843 21852 94b6d0 GetCurrentProcess 21853 94b743 21852->21853 21854 94b74a GetCurrentThread 21852->21854 21853->21854 21855 94b787 GetCurrentProcess 21854->21855 21857 94b780 21854->21857 21856 94b7bd 21855->21856 21858 94b7e5 GetCurrentThreadId 21856->21858 21857->21855 21859 94b816 21858->21859 21864 9498b0 21865 9498f2 21864->21865 21866 9498f8 GetModuleHandleW 21864->21866 21865->21866 21867 949925 21866->21867 21860 4ace6e0 21861 4ace72b ReadProcessMemory 21860->21861 21863 4ace76f 21861->21863 21868 4ace5c0 21869 4ace608 WriteProcessMemory 21868->21869 21871 4ace65f 21869->21871 21872 94b8f8 DuplicateHandle 21873 94b98e 21872->21873 21874 94fd38 21875 94fda0 CreateWindowExW 21874->21875 21877 94fe5c 21875->21877 21878 7b98bc8 21879 7b98d53 21878->21879 21881 7b98bee 21878->21881 21881->21879 21882 7b987c4 21881->21882 21883 7b98e48 PostMessageW 21882->21883 21884 7b98eb4 21883->21884 21884->21881 21885 4ace8d8 21886 4ace961 CreateProcessA 21885->21886 21888 4aceb23 21886->21888 21889 4ace258 21890 4ace298 ResumeThread 21889->21890 21892 4ace2c9 21890->21892 21893 7b98740 21894 7b98755 21893->21894 21897 4ace338 21894->21897 21898 4ace37d SetThreadContext 21897->21898 21900 4ace3c5 21898->21900 21901 4ace4d0 21902 4ace510 VirtualAllocEx 21901->21902 21904 4ace54d 21902->21904

                                      Executed Functions

                                      Function 04AC06E8 Relevance: .2, Instructions: 187COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c7a834bd19a823f568a0d218c9ca759f73b6a2688ab316b373f518d2ce1f462e
                                      • Instruction ID: 514ba11e3301158701d360606bd6cd1148c7cda5d660a432cb543b0fc1634372
                                      • Opcode Fuzzy Hash: c7a834bd19a823f568a0d218c9ca759f73b6a2688ab316b373f518d2ce1f462e
                                      • Instruction Fuzzy Hash: 55818374E00218DFDB58DFA9D85469DBBB2FF88304F208129D805AB355DB75AD46CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC06D9 Relevance: .2, Instructions: 186COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 45266f957aeb6d66f546e74465870285877fefdc101b815c95754875d187e9b2
                                      • Instruction ID: 45600e17b3b8d64924557172091413d2ca6f6e914065e7f9eaf9964542861139
                                      • Opcode Fuzzy Hash: 45266f957aeb6d66f546e74465870285877fefdc101b815c95754875d187e9b2
                                      • Instruction Fuzzy Hash: 99818274E00218DFDB58DFA9D8946DDBBB2FF88304F20802AD815AB355DB756946CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC28D1 Relevance: .1, Instructions: 145COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5753f87c9a8eda270ecc16180afc9c7e9e5166861813709d3422bdf40cbcce4d
                                      • Instruction ID: c9090075e4917b91da9d3e8e072bcf2b49a34352cdb648b98c37604f27b6dd7f
                                      • Opcode Fuzzy Hash: 5753f87c9a8eda270ecc16180afc9c7e9e5166861813709d3422bdf40cbcce4d
                                      • Instruction Fuzzy Hash: 9651B075E052199FDF08DFEAD8806EEFBB2BF89300F14842AD519AB254EB745946CF40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094B6C1 Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 0094B730
                                      • GetCurrentThread.KERNEL32 ref: 0094B76D
                                      • GetCurrentProcess.KERNEL32 ref: 0094B7AA
                                      • GetCurrentThreadId.KERNEL32 ref: 0094B803
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: c2a122f8f8f983890bb308bef40c29f875fbe469d31b25f49f315509c3849393
                                      • Instruction ID: e20732841c4e52ed502400b10501c95a7a9666405871120d4a29b861432bebe3
                                      • Opcode Fuzzy Hash: c2a122f8f8f983890bb308bef40c29f875fbe469d31b25f49f315509c3849393
                                      • Instruction Fuzzy Hash: 8D5134B4D002498FDB20CFA9D988BDEBBF1BF89314F24856AE409B7250C7749945CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094B6D0 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 0094B730
                                      • GetCurrentThread.KERNEL32 ref: 0094B76D
                                      • GetCurrentProcess.KERNEL32 ref: 0094B7AA
                                      • GetCurrentThreadId.KERNEL32 ref: 0094B803
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: b19d5b7175afec89022fa197ee541379abbcd01a72cb19257ee1bfbfa7318d57
                                      • Instruction ID: 7968216ac72cbc4412d48dd87872ae934c4b6c6d5108b099de48cbe57f199c77
                                      • Opcode Fuzzy Hash: b19d5b7175afec89022fa197ee541379abbcd01a72cb19257ee1bfbfa7318d57
                                      • Instruction Fuzzy Hash: 9D5132B4D006498FDB20CFA9C988B9EBBF5FB88314F248469E419B7350D7B4A944CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04ACE8D8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 38 4ace8d8-4ace96d 40 4ace96f-4ace979 38->40 41 4ace9a6-4ace9c6 38->41 40->41 42 4ace97b-4ace97d 40->42 46 4ace9ff-4acea2e 41->46 47 4ace9c8-4ace9d2 41->47 44 4ace97f-4ace989 42->44 45 4ace9a0-4ace9a3 42->45 48 4ace98d-4ace99c 44->48 49 4ace98b 44->49 45->41 57 4acea67-4aceb21 CreateProcessA 46->57 58 4acea30-4acea3a 46->58 47->46 51 4ace9d4-4ace9d6 47->51 48->48 50 4ace99e 48->50 49->48 50->45 52 4ace9d8-4ace9e2 51->52 53 4ace9f9-4ace9fc 51->53 55 4ace9e4 52->55 56 4ace9e6-4ace9f5 52->56 53->46 55->56 56->56 60 4ace9f7 56->60 69 4aceb2a-4acebb0 57->69 70 4aceb23-4aceb29 57->70 58->57 59 4acea3c-4acea3e 58->59 61 4acea40-4acea4a 59->61 62 4acea61-4acea64 59->62 60->53 64 4acea4c 61->64 65 4acea4e-4acea5d 61->65 62->57 64->65 65->65 66 4acea5f 65->66 66->62 80 4acebc0-4acebc4 69->80 81 4acebb2-4acebb6 69->81 70->69 83 4acebd4-4acebd8 80->83 84 4acebc6-4acebca 80->84 81->80 82 4acebb8 81->82 82->80 86 4acebe8-4acebec 83->86 87 4acebda-4acebde 83->87 84->83 85 4acebcc 84->85 85->83 89 4acebfe-4acec05 86->89 90 4acebee-4acebf4 86->90 87->86 88 4acebe0 87->88 88->86 91 4acec1c 89->91 92 4acec07-4acec16 89->92 90->89 92->91
                                      APIs
                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04ACEB0E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      • Opcode ID: c79afd1853ba1f9183780c6e87b33dbaa5711001fc07806b16190aeb52aeaea1
                                      • Instruction ID: 13e0145a849d0d9f59920fe85e7129fd679cc9a144929200f20e2c9bc0c57a0d
                                      • Opcode Fuzzy Hash: c79afd1853ba1f9183780c6e87b33dbaa5711001fc07806b16190aeb52aeaea1
                                      • Instruction Fuzzy Hash: 9F915D71D04219DFDF60CFA4C881BEEBBB2BF48314F048569E859A7250DB74A985CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094FD2C Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 94 94fd2c-94fd9e 95 94fda0-94fda6 94->95 96 94fda9-94fdb0 94->96 95->96 97 94fdb2-94fdb8 96->97 98 94fdbb-94fdf3 96->98 97->98 99 94fdfb-94fe5a CreateWindowExW 98->99 100 94fe63-94fe9b 99->100 101 94fe5c-94fe62 99->101 105 94fe9d-94fea0 100->105 106 94fea8 100->106 101->100 105->106 107 94fea9 106->107 107->107
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0094FE4A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 7c3347f5a86a5c9541c672f59480113a165758608347788d637b21de2a21fdb0
                                      • Instruction ID: 083bd1217f86cce93ed0f1ac1e3ceac6ca8120913ba792b3eb8f5c143aeb5ef2
                                      • Opcode Fuzzy Hash: 7c3347f5a86a5c9541c672f59480113a165758608347788d637b21de2a21fdb0
                                      • Instruction Fuzzy Hash: F651F0B1D003099FDF14CFA9C894ADEBFB5BF88314F24822AE419AB251D7709845CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094FD38 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 108 94fd38-94fd9e 109 94fda0-94fda6 108->109 110 94fda9-94fdb0 108->110 109->110 111 94fdb2-94fdb8 110->111 112 94fdbb-94fe5a CreateWindowExW 110->112 111->112 114 94fe63-94fe9b 112->114 115 94fe5c-94fe62 112->115 119 94fe9d-94fea0 114->119 120 94fea8 114->120 115->114 119->120 121 94fea9 120->121 121->121
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0094FE4A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 88acebc6d5e4e1169e5dda1e529dc41afd67d4c560eeed6644a6012eddd276cb
                                      • Instruction ID: d43764e6dfa8243bcbd99a2bfdd7961fdacac2a70c6bdd0f96dbeda6bee812d6
                                      • Opcode Fuzzy Hash: 88acebc6d5e4e1169e5dda1e529dc41afd67d4c560eeed6644a6012eddd276cb
                                      • Instruction Fuzzy Hash: 5E41BEB1D00309DFDB14CF9AC894ADEBBB5BF88314F24862AE819AB251D7749945CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00945364 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 122 945364-94536d 123 945370-945431 CreateActCtxA 122->123 125 945433-945439 123->125 126 94543a-945494 123->126 125->126 133 945496-945499 126->133 134 9454a3-9454a7 126->134 133->134 135 9454b8 134->135 136 9454a9-9454b5 134->136 138 9454b9 135->138 136->135 138->138
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 00945421
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: bf5e22d8dfb3bf3a0aebed1cc5c4c53105391e3de91aae11edc941cc559cd9a2
                                      • Instruction ID: 89d92c3fd7c83a53d7e00895ce30eca01a55356d0d74148f6f8599962aaca7b7
                                      • Opcode Fuzzy Hash: bf5e22d8dfb3bf3a0aebed1cc5c4c53105391e3de91aae11edc941cc559cd9a2
                                      • Instruction Fuzzy Hash: 35410271C00618CFDB24DFA9C884BCEBBB5BF49308F218069D418AB252D7755945CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00943DE4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 139 943de4-945431 CreateActCtxA 142 945433-945439 139->142 143 94543a-945494 139->143 142->143 150 945496-945499 143->150 151 9454a3-9454a7 143->151 150->151 152 9454b8 151->152 153 9454a9-9454b5 151->153 155 9454b9 152->155 153->152 155->155
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 00945421
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: c83f99ed85be74430619b2c03419d379dc6c9d522c2f32bf5cfc7f86cae2cb6e
                                      • Instruction ID: 0f3d4a1c44f1740bb0e11ddf86c9fa260eef14ed64b74d4340a1b295973f6f1b
                                      • Opcode Fuzzy Hash: c83f99ed85be74430619b2c03419d379dc6c9d522c2f32bf5cfc7f86cae2cb6e
                                      • Instruction Fuzzy Hash: 3241FF70C0461CCBDB24DFA9C884B9EBBB5BF48308F218069D419BB252DBB56985CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04ACE5C0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 156 4ace5c0-4ace60e 158 4ace61e-4ace65d WriteProcessMemory 156->158 159 4ace610-4ace61c 156->159 161 4ace65f-4ace665 158->161 162 4ace666-4ace696 158->162 159->158 161->162
                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04ACE650
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      • Opcode ID: ba91656a2a1096ad7aec8b36759cb7df78870d84a356253664b6e732c8d78c99
                                      • Instruction ID: e4c65a9bd49e5f8afe026cafb8f799fe0fc1bb57049cd9864678189e6c3050d1
                                      • Opcode Fuzzy Hash: ba91656a2a1096ad7aec8b36759cb7df78870d84a356253664b6e732c8d78c99
                                      • Instruction Fuzzy Hash: 532127759003599FCF10CFA9C884BDEBBF5FF48314F048429E919A7241CB78A954CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094B8F2 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 166 94b8f2-94b98c DuplicateHandle 167 94b995-94b9b2 166->167 168 94b98e-94b994 166->168 168->167
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0094B97F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 617b9bdfca55aec2df621427951885486185ba6945c6c49bcbf43056d6c00ba5
                                      • Instruction ID: daf0782f4ca66cbd3388ce11c45a1984bbae6d51f452bec1bbf492de7ae403c8
                                      • Opcode Fuzzy Hash: 617b9bdfca55aec2df621427951885486185ba6945c6c49bcbf43056d6c00ba5
                                      • Instruction Fuzzy Hash: C021FFB5D002489FDB10CFA9D884AEEBBF4EB49324F14841AE918A3310C378A955CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04ACE6E0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 181 4ace6e0-4ace76d ReadProcessMemory 184 4ace76f-4ace775 181->184 185 4ace776-4ace7a6 181->185 184->185
                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04ACE760
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      • API String ID: 1726664587-0
                                      • Opcode ID: 858ea3e3616a5cb7c1012432f3631f7cd468cbecca41aecb7110898c433504a1
                                      • Instruction ID: cb1fe1ff2b9cc1e35c538a906578050c4f6e5b1648fa3c1e0e4995dbeffe49f0
                                      • Opcode Fuzzy Hash: 858ea3e3616a5cb7c1012432f3631f7cd468cbecca41aecb7110898c433504a1
                                      • Instruction Fuzzy Hash: 362116B1D002599FCB10CFAAC884BEEBBB5FF48314F508429E519A7240C7789944CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04ACE338 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 171 4ace338-4ace383 173 4ace385-4ace391 171->173 174 4ace393-4ace3c3 SetThreadContext 171->174 173->174 176 4ace3cc-4ace3fc 174->176 177 4ace3c5-4ace3cb 174->177 177->176
                                      APIs
                                      • SetThreadContext.KERNELBASE(?,00000000), ref: 04ACE3B6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: ContextThread
                                      • String ID:
                                      • API String ID: 1591575202-0
                                      • Opcode ID: 2648a5abab17a5cea6726615448d03ce0ff8191f11a2245ea2c7035cdf07db04
                                      • Instruction ID: 6792148b681597671fe0c7dc698b2a6689b9d6304cea840161bf7680b06b75d5
                                      • Opcode Fuzzy Hash: 2648a5abab17a5cea6726615448d03ce0ff8191f11a2245ea2c7035cdf07db04
                                      • Instruction Fuzzy Hash: A22134B1D002098FDB10CFAAC4847EFBBF4AB88224F54842AD559A7341CB78A944CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094B8F8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 189 94b8f8-94b98c DuplicateHandle 190 94b995-94b9b2 189->190 191 94b98e-94b994 189->191 191->190
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0094B97F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: fad4867c1af4f9c1b73e2b036d7dacc1b88ff31151548f5bdb58ae03479d9f43
                                      • Instruction ID: 327cc33f777000e33ceb7a201fcedfbc18ae34ae2fd7c64d53f6b241091b124b
                                      • Opcode Fuzzy Hash: fad4867c1af4f9c1b73e2b036d7dacc1b88ff31151548f5bdb58ae03479d9f43
                                      • Instruction Fuzzy Hash: 9721C2B5D002589FDB10CFAAD984ADEFBF8FB49324F14841AE918A7310D374A954CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00949B30 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 194 949b30-949b78 195 949b80-949baf LoadLibraryExW 194->195 196 949b7a-949b7d 194->196 197 949bb1-949bb7 195->197 198 949bb8-949bd5 195->198 196->195 197->198
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00949991,00000800,00000000,00000000), ref: 00949BA2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: f492f4cdea9cc0976549d3c5635ce1a33f6f3f3ece6635dab8816a5b1e101be8
                                      • Instruction ID: 1de06a7e2a01b018a9807b5af2c3a57dc12511ce152b2308e79a80aa02de2368
                                      • Opcode Fuzzy Hash: f492f4cdea9cc0976549d3c5635ce1a33f6f3f3ece6635dab8816a5b1e101be8
                                      • Instruction Fuzzy Hash: DA1114B6D002498FCB10CFAAD484BDEFBF4EB89320F14842AD855A7600C775A945CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 009494B8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 201 9494b8-949b78 203 949b80-949baf LoadLibraryExW 201->203 204 949b7a-949b7d 201->204 205 949bb1-949bb7 203->205 206 949bb8-949bd5 203->206 204->203 205->206
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00949991,00000800,00000000,00000000), ref: 00949BA2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 933cd023c664282aafe4ebec913a42c0babbf9746531a6fa057655a51eaf5fc7
                                      • Instruction ID: 740ddf863632762ee3f3fe29b3eccc18d09213fc7ed1c8aec451de79af9f8865
                                      • Opcode Fuzzy Hash: 933cd023c664282aafe4ebec913a42c0babbf9746531a6fa057655a51eaf5fc7
                                      • Instruction Fuzzy Hash: 311103B69003488FCB10CF9AD444BDFFBF4EB88320F14842AE515A7600C7B5A945CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04ACE4D0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 209 4ace4d0-4ace54b VirtualAllocEx 212 4ace54d-4ace553 209->212 213 4ace554-4ace579 209->213 212->213
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04ACE53E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: e181a7c31dac1150991436e5ede40c4d7111185ae54522bf876d5ef57905a7a3
                                      • Instruction ID: e504cc3670ae1566024ac8f6f59079a94682b4a4790bf6b4ec0afe412a6ca730
                                      • Opcode Fuzzy Hash: e181a7c31dac1150991436e5ede40c4d7111185ae54522bf876d5ef57905a7a3
                                      • Instruction Fuzzy Hash: 9C1134719002489FCF10CFAAC844BEFBBF5AF88324F148829E515A7250DB79A954CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04ACE258 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      • API String ID: 947044025-0
                                      • Opcode ID: 432d9b67c31be81344e66fb15d912e39006c16be563c947fbfa20517a311994c
                                      • Instruction ID: 74c8751035fa6a64351a58c90c87fd8f6582e539b30ca97af29e3b5448708eee
                                      • Opcode Fuzzy Hash: 432d9b67c31be81344e66fb15d912e39006c16be563c947fbfa20517a311994c
                                      • Instruction Fuzzy Hash: A6113AB1D047488BCB10DFAAC4447DFFBF5AB88324F14882DD515A7740CB79A944CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 009498A8 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00949916
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: 3439a91966711e0ca4002db55a56fa27bb1bd4c03a22adab90465dd31b3592e1
                                      • Instruction ID: d1c6955bf3545303f3b1a326d371af3b95a3234dd0b8789398b22501af037e66
                                      • Opcode Fuzzy Hash: 3439a91966711e0ca4002db55a56fa27bb1bd4c03a22adab90465dd31b3592e1
                                      • Instruction Fuzzy Hash: 26111FB5C002488ECB20CFAAC484BDEBBF5AF89324F14846AD419B7600C374A546CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 009498B0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00949916
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: ce7f97200b6f33f46d7178bbe118032ec86b2f07cfc1146683a19bedc667232a
                                      • Instruction ID: 4bde275808809eaa4f3214a1a822950d38af11d8ba1233fc03369423f8dd1c18
                                      • Opcode Fuzzy Hash: ce7f97200b6f33f46d7178bbe118032ec86b2f07cfc1146683a19bedc667232a
                                      • Instruction Fuzzy Hash: 3811DFB5D006498FDB10CF9AC484BDEFBF8EB89324F14846AD429B7610D374A545CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 07B987C4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07B98EA5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.339117093.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7b90000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      • API String ID: 410705778-0
                                      • Opcode ID: 5aaf519d1500d33a37f76a0357f8365f285e81d6371f2b64ce64053bd643e674
                                      • Instruction ID: 3e6e8efca968add92a92c8fab1b0b02d3abf2da57811d2f5b69c293bf769de53
                                      • Opcode Fuzzy Hash: 5aaf519d1500d33a37f76a0357f8365f285e81d6371f2b64ce64053bd643e674
                                      • Instruction Fuzzy Hash: 6911F5B58006499FDB10CF99C889BDFBBF8FB49324F108469E515A7200C378A944CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 008BD01C Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326408131.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e131dbabca4064dd00f69323c8fff235d25fd14a52f1be79f9857746df341d6b
                                      • Instruction ID: 59223eb5fa81411a1fcba28c81b3c1f1fb2f630720fc5e4a9d4d49a291bcaaf8
                                      • Opcode Fuzzy Hash: e131dbabca4064dd00f69323c8fff235d25fd14a52f1be79f9857746df341d6b
                                      • Instruction Fuzzy Hash: AE2137B5504704EFCB14EF20D4C0B56BB61FB88318F24C5A9E8098B346D33AD807CA61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 008BD1D4 Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326408131.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 12a8cdd4af815bf4fd611cfc22afbc4400a2a43ca20b01411d6c42454fb9a493
                                      • Instruction ID: af6aedc1e66cca675759794221a69b75ce4e76cc45bed16fc4fbb4159c50b3ee
                                      • Opcode Fuzzy Hash: 12a8cdd4af815bf4fd611cfc22afbc4400a2a43ca20b01411d6c42454fb9a493
                                      • Instruction Fuzzy Hash: FC21F5B5504384EFDB05CF10D5C0B66BBA5FB84318F24C5A9E9498B342D376E846CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 008BD006 Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326408131.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 65e434e8c6d711af93c084c8d0878f84401a1d688c9f01a3a56c40c56e854cee
                                      • Instruction ID: ec1675a5dd23d63cedf8a3043296e49551f1a821b8af36101408a1227332e141
                                      • Opcode Fuzzy Hash: 65e434e8c6d711af93c084c8d0878f84401a1d688c9f01a3a56c40c56e854cee
                                      • Instruction Fuzzy Hash: 9B21B0754087809FCB02CF14D994B11BFB1FF46314F28C5EAD8498B267C33A980ACB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 008BD1CF Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326408131.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8bd000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac1c577071c2d0f69f9c0c2e3af2bcc6dc79f4eb61d5675d3e9761bf736dafb1
                                      • Instruction ID: b96c4732d4e75416e67914c815c63934a98b487985bae1ac1c1ef3af0eead8a2
                                      • Opcode Fuzzy Hash: ac1c577071c2d0f69f9c0c2e3af2bcc6dc79f4eb61d5675d3e9761bf736dafb1
                                      • Instruction Fuzzy Hash: 8A118B75904280EFCB11CF10D5C4B55BFB1FB84324F28C6A9D8498B756D33AE84ACB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 04AC942D Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: UUUU
                                      • API String ID: 0-1798160573
                                      • Opcode ID: ad43e345aea232b24b1b5299c1a83507530123265b82df65cf0bd501a4e9aaac
                                      • Instruction ID: a5f48c9941d00d53514de995ed84c86c59a1d089be6420a4cd5fbcbfcffe5903
                                      • Opcode Fuzzy Hash: ad43e345aea232b24b1b5299c1a83507530123265b82df65cf0bd501a4e9aaac
                                      • Instruction Fuzzy Hash: FE518A70E146288FDBA0CF69C885B8DBBF2AB88304F0485EAD55DE7215DB349E85CF11
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094E5B0 Relevance: .3, Instructions: 315COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c941859b6771a05d8db3e48a1ece0b9689de12961a7a1b761b787267450928c5
                                      • Instruction ID: 68c1a978fba1647804718b81238f6b38eb5653c093807731c0a420fae38485c4
                                      • Opcode Fuzzy Hash: c941859b6771a05d8db3e48a1ece0b9689de12961a7a1b761b787267450928c5
                                      • Instruction Fuzzy Hash: 4312A3F1429F468BD310CFA5ED981893BA1B745328F92430DD2A16BAF5D7F4114AEF84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC2320 Relevance: .3, Instructions: 273COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9b5f3a0f4b0b1e81efb89ce8c5b934a03879a8e0fa1e358041e3b4e91fbf21b6
                                      • Instruction ID: 938dead79a114c2be2105ba52935a3b4429fb09cd593bea678a4cbae1a441fdd
                                      • Opcode Fuzzy Hash: 9b5f3a0f4b0b1e81efb89ce8c5b934a03879a8e0fa1e358041e3b4e91fbf21b6
                                      • Instruction Fuzzy Hash: 60D10730D2075ADACB10EB64C950ADDB3B1EF96304F509B9AE4097B225FB706AC5CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094C164 Relevance: .3, Instructions: 265COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b30fa4aeba3c8fa0a8628d6b893efc2a9ef25474f5c735b11ec04b0ece39f00c
                                      • Instruction ID: 7ad1d56fa5a6f860bfe8360d246ce4c93d5f3d4add53046f4d6bc3102a8de80b
                                      • Opcode Fuzzy Hash: b30fa4aeba3c8fa0a8628d6b893efc2a9ef25474f5c735b11ec04b0ece39f00c
                                      • Instruction Fuzzy Hash: CEA18C36E012198FCF05DFB5C8449DEBBB6FF89300B15856AE905BB261EBB1E945CB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC2330 Relevance: .3, Instructions: 264COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 19555bb3a4f761f962d2a253af47e49db075b23fc98071916cc29e2e205375aa
                                      • Instruction ID: 4304040aaa405d092f748f251aa10252600410fae6d972d1b3f4a7d0950c6e5a
                                      • Opcode Fuzzy Hash: 19555bb3a4f761f962d2a253af47e49db075b23fc98071916cc29e2e205375aa
                                      • Instruction Fuzzy Hash: 6ED10730D2075ADACB50EB64C950AD9B3B1FF96304F509B9AE4093B225FB706AC5CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0094E5A2 Relevance: .2, Instructions: 221COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.326624067.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 883e008db6dd53610d03929ebeafaccc914b5ed4bef7cd6f7303f318347d06b9
                                      • Instruction ID: a5f8acfd48f4a00b01dd8ed92e716e89e9854486537a93c7c13ba85b242da2d8
                                      • Opcode Fuzzy Hash: 883e008db6dd53610d03929ebeafaccc914b5ed4bef7cd6f7303f318347d06b9
                                      • Instruction Fuzzy Hash: D1C119B1829F468BD710CFA5EC981893BB1BB85328F92430DD1616BAF0D7F4104AEF84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC6589 Relevance: .2, Instructions: 170COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d0ddc911ce6650f44a85512fdd65fba7863f23e568d0fe384a1e1556345a2310
                                      • Instruction ID: 522449393d060da63707a44f39697d0200d86ca0c5b7d6b35a88394aa1a0253c
                                      • Opcode Fuzzy Hash: d0ddc911ce6650f44a85512fdd65fba7863f23e568d0fe384a1e1556345a2310
                                      • Instruction Fuzzy Hash: A96120B0E052188FD748EF7AE45069ABBF3EBC9304F04D83AD4049B369DB755D4A8B91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC6598 Relevance: .2, Instructions: 160COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c04c267d04d8167f47e58a41f47d47eb3a0ee721bf8ae066e9c775e0b654ecb4
                                      • Instruction ID: b549e9dd6929380c87914d77bdf21be289aa9ba72488fec79b93765b204a83ef
                                      • Opcode Fuzzy Hash: c04c267d04d8167f47e58a41f47d47eb3a0ee721bf8ae066e9c775e0b654ecb4
                                      • Instruction Fuzzy Hash: A96111B0E052188FD748EF7AE45069ABBF3EBC5304F04D83AD4049B369DB745D4A8B91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC6829 Relevance: .1, Instructions: 102COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c1c929912eae13e086a09cfd0ae6918f2a48a86389f92cef6862a832183f120c
                                      • Instruction ID: dbf1623d91de27bd4468454c9c1530bbd40400ac3e6f485b735f47c05d910466
                                      • Opcode Fuzzy Hash: c1c929912eae13e086a09cfd0ae6918f2a48a86389f92cef6862a832183f120c
                                      • Instruction Fuzzy Hash: 47413571D05A188BEB5CCF6BDD4069AFAF3AFC8201F14C1BA980CAB255EB3149468F50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 04AC6838 Relevance: .1, Instructions: 102COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.333978521.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4ac0000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3e86ee1a38040ecd7e8313319f00094bd9d91b920130447995db1a9ca3fdc0fd
                                      • Instruction ID: 4bd1d25ff1ea36902770320202ba36ef123fca4a5c5cfff17a6db441c63ec206
                                      • Opcode Fuzzy Hash: 3e86ee1a38040ecd7e8313319f00094bd9d91b920130447995db1a9ca3fdc0fd
                                      • Instruction Fuzzy Hash: B9412571D05A188BEB5CCF6BDD4079AFAF7AFC8201F14C1BA881CAB255EB3059469F10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 07B90758 Relevance: .1, Instructions: 102COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.339117093.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7b90000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d75b1d664ff822c3db7df1a0c63af8f2c7891567a16cb0d46755e860629acdda
                                      • Instruction ID: fdd46da158e4bbca766b1606d9478873b161990ece88b55bfc14d7ef9802287b
                                      • Opcode Fuzzy Hash: d75b1d664ff822c3db7df1a0c63af8f2c7891567a16cb0d46755e860629acdda
                                      • Instruction Fuzzy Hash: 984152B1E016198BEB5CCF6BCD4479AFAF3AFC9200F14C1F9841CA6215DB3509828F41
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 07B90748 Relevance: .1, Instructions: 94COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.339117093.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7b90000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ea1bb00d5fbbbade4e6e7479bbb1049312e4d7b7c7ea509130b5330985168329
                                      • Instruction ID: f88c592b8167431a0c77e778b2e0b60252fefd57ffd45e2c51d3c43ae27edecc
                                      • Opcode Fuzzy Hash: ea1bb00d5fbbbade4e6e7479bbb1049312e4d7b7c7ea509130b5330985168329
                                      • Instruction Fuzzy Hash: 004168B1E056588BEB1CCF678D4078EFAF3AFC9210F18C1FA845CAA255DB7505968F41
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Execution Graph

                                      Execution Coverage:11.1%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:138
                                      Total number of Limit Nodes:5
                                      execution_graph 14985 85f84b8 14986 85f84de 14985->14986 14988 85f8643 14985->14988 14986->14988 14989 85f80b0 14986->14989 14990 85f8738 PostMessageW 14989->14990 14991 85f87a4 14990->14991 14991->14986 14992 135d01c 14994 135d034 14992->14994 14993 135d08e 14994->14993 14997 13ffef0 14994->14997 15001 13ffee0 14994->15001 14998 13fff16 14997->14998 15005 13fde24 14998->15005 15000 13fff22 15000->14993 15002 13ffef0 15001->15002 15003 13fde24 CreateWindowExW 15002->15003 15004 13fff22 15003->15004 15004->14993 15006 13fde2f CreateWindowExW 15005->15006 15008 13ffe5c 15006->15008 15008->15008 15009 13f40d0 15010 13f40e2 15009->15010 15011 13f40ee 15010->15011 15015 13f41e0 15010->15015 15020 13f3c64 15011->15020 15013 13f410d 15016 13f4205 15015->15016 15024 13f42d1 15016->15024 15028 13f42e0 15016->15028 15021 13f3c6f 15020->15021 15036 13f51a4 15021->15036 15023 13f6a50 15023->15013 15025 13f42e0 15024->15025 15026 13f43e4 15025->15026 15032 13f3de4 15025->15032 15029 13f4307 15028->15029 15030 13f3de4 CreateActCtxA 15029->15030 15031 13f43e4 15029->15031 15030->15031 15033 13f5370 CreateActCtxA 15032->15033 15035 13f5433 15033->15035 15037 13f51af 15036->15037 15040 13f57f8 15037->15040 15039 13f6af5 15039->15023 15041 13f5803 15040->15041 15044 13f5828 15041->15044 15043 13f6bda 15043->15039 15045 13f5833 15044->15045 15048 13f5858 15045->15048 15047 13f6cca 15047->15043 15049 13f5863 15048->15049 15051 13f73de 15049->15051 15055 13f9198 15049->15055 15050 13f741c 15050->15047 15051->15050 15059 13fb2f0 15051->15059 15064 13fb300 15051->15064 15069 13f91c3 15055->15069 15074 13f91d0 15055->15074 15056 13f91ae 15056->15051 15060 13fb300 15059->15060 15061 13fb345 15060->15061 15110 13fb5a9 15060->15110 15115 13fb5b8 15060->15115 15061->15050 15065 13fb321 15064->15065 15066 13fb5a9 4 API calls 15065->15066 15067 13fb5b8 4 API calls 15065->15067 15068 13fb345 15065->15068 15066->15068 15067->15068 15068->15050 15070 13f91d0 15069->15070 15078 13f92b8 15070->15078 15085 13f92c8 15070->15085 15071 13f91df 15071->15056 15076 13f92b8 2 API calls 15074->15076 15077 13f92c8 2 API calls 15074->15077 15075 13f91df 15075->15056 15076->15075 15077->15075 15079 13f92c8 15078->15079 15091 13f8240 15079->15091 15082 13f92eb 15082->15071 15086 13f8240 GetModuleHandleW 15085->15086 15087 13f92db 15086->15087 15088 13f92eb 15087->15088 15089 13f9958 2 API calls 15087->15089 15090 13f9948 2 API calls 15087->15090 15088->15071 15089->15088 15090->15088 15092 13f98b0 GetModuleHandleW 15091->15092 15094 13f92db 15092->15094 15094->15082 15095 13f9948 15094->15095 15101 13f9958 15094->15101 15096 13f9958 15095->15096 15097 13f8240 GetModuleHandleW 15096->15097 15098 13f996c 15097->15098 15100 13f9991 15098->15100 15106 13f94b8 15098->15106 15100->15082 15102 13f8240 GetModuleHandleW 15101->15102 15103 13f996c 15102->15103 15104 13f9991 15103->15104 15105 13f94b8 LoadLibraryExW 15103->15105 15104->15082 15105->15104 15107 13f9b38 LoadLibraryExW 15106->15107 15109 13f9bb1 15107->15109 15109->15100 15111 13fb525 15110->15111 15112 13fb5b2 15110->15112 15114 13fb5ff 15112->15114 15119 13f97b8 15112->15119 15114->15061 15116 13fb5c5 15115->15116 15117 13fb5ff 15116->15117 15118 13f97b8 4 API calls 15116->15118 15117->15061 15118->15117 15121 13f97c3 15119->15121 15120 13fc2f8 15121->15120 15123 13f9880 15121->15123 15124 13f988b 15123->15124 15125 13f5858 4 API calls 15124->15125 15126 13fc367 15125->15126 15130 13fe0d8 15126->15130 15139 13fe0e8 15126->15139 15127 13fc3a0 15127->15120 15132 13fe119 15130->15132 15134 13fe20a 15130->15134 15131 13fe125 15131->15127 15132->15131 15135 13fe568 GetModuleHandleW LoadLibraryExW 15132->15135 15136 13fe558 GetModuleHandleW LoadLibraryExW 15132->15136 15133 13fe165 15137 13fef1f GetModuleHandleW CreateWindowExW CreateWindowExW 15133->15137 15138 13fef30 GetModuleHandleW CreateWindowExW CreateWindowExW 15133->15138 15134->15127 15135->15133 15136->15133 15137->15134 15138->15134 15141 13fe119 15139->15141 15142 13fe20a 15139->15142 15140 13fe125 15140->15127 15141->15140 15144 13fe568 GetModuleHandleW LoadLibraryExW 15141->15144 15145 13fe558 GetModuleHandleW LoadLibraryExW 15141->15145 15142->15127 15143 13fe165 15146 13fef1f GetModuleHandleW CreateWindowExW CreateWindowExW 15143->15146 15147 13fef30 GetModuleHandleW CreateWindowExW CreateWindowExW 15143->15147 15144->15143 15145->15143 15146->15142 15147->15142 15148 13fb6d0 15149 13fb736 15148->15149 15153 13fb880 15149->15153 15157 13fb890 15149->15157 15150 13fb7e5 15154 13fb890 15153->15154 15160 13f9840 15154->15160 15158 13f9840 DuplicateHandle 15157->15158 15159 13fb8be 15158->15159 15159->15150 15161 13fb8f8 DuplicateHandle 15160->15161 15162 13fb8be 15161->15162 15162->15150

                                      Executed Functions

                                      Function 013FFCD8 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 13ffcd8-13ffcec 1 13ffcee-13ffd15 0->1 2 13ffd26-13ffd9e 0->2 3 13ffd1d-13ffd1e 1->3 4 13ffd18 call 13fde0c 1->4 5 13ffda9-13ffdb0 2->5 6 13ffda0-13ffda6 2->6 4->3 7 13ffdbb-13ffe5a CreateWindowExW 5->7 8 13ffdb2-13ffdb8 5->8 6->5 10 13ffe5c-13ffe62 7->10 11 13ffe63-13ffe9b 7->11 8->7 10->11 15 13ffe9d-13ffea0 11->15 16 13ffea8 11->16 15->16 17 13ffea9 16->17 17->17
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013FFE4A
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: e7effcea7947246d61acdaf52fced6b055ee50c74e735f12399a252dff93409b
                                      • Instruction ID: 2eddc7188dbb66edcb44694b8c3436d8c0f435c0501c1d85080f8e279b3ab7f8
                                      • Opcode Fuzzy Hash: e7effcea7947246d61acdaf52fced6b055ee50c74e735f12399a252dff93409b
                                      • Instruction Fuzzy Hash: 405112B2C00248AFCF01CFA9C884ADEBFB5FF49314F14816AE918AB221D3719855CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013FDDF0 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 18 13fddf0-13fde08 21 13fde0a-13fde10 18->21 22 13fde13-13ffd9e 18->22 21->22 24 13ffda9-13ffdb0 22->24 25 13ffda0-13ffda6 22->25 26 13ffdbb-13ffdf3 24->26 27 13ffdb2-13ffdb8 24->27 25->24 28 13ffdfb-13ffe5a CreateWindowExW 26->28 27->26 29 13ffe5c-13ffe62 28->29 30 13ffe63-13ffe9b 28->30 29->30 34 13ffe9d-13ffea0 30->34 35 13ffea8 30->35 34->35 36 13ffea9 35->36 36->36
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013FFE4A
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 8338624a4956db3eae02d5ba980af0689b294ce1801c3c3c728cef6310ca3552
                                      • Instruction ID: 20fd271d39389f4a8a8eb009cd7252566451855502c278636f851b665ee1f406
                                      • Opcode Fuzzy Hash: 8338624a4956db3eae02d5ba980af0689b294ce1801c3c3c728cef6310ca3552
                                      • Instruction Fuzzy Hash: BA5152B2C043489FDB01CFA9C880ADEBFB5BF58304F25812EE919AB211D7709885CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013FDE0C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 37 13fde0c-13ffd9e 40 13ffda9-13ffdb0 37->40 41 13ffda0-13ffda6 37->41 42 13ffdbb-13ffe5a CreateWindowExW 40->42 43 13ffdb2-13ffdb8 40->43 41->40 45 13ffe5c-13ffe62 42->45 46 13ffe63-13ffe9b 42->46 43->42 45->46 50 13ffe9d-13ffea0 46->50 51 13ffea8 46->51 50->51 52 13ffea9 51->52 52->52
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013FFE4A
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 02b09bf1b9f96faebd2bd143b6d90a3e94d48eaa0c18aa84fac0f79a5ee3a37f
                                      • Instruction ID: 8389d466adf70d0f9f8ea7be3fe9cd9d63f0e55ecc87398a157891fa58687d33
                                      • Opcode Fuzzy Hash: 02b09bf1b9f96faebd2bd143b6d90a3e94d48eaa0c18aa84fac0f79a5ee3a37f
                                      • Instruction Fuzzy Hash: 1851CEB1D003089FDB14CF9AC884ADEBBB5FF98714F24822EE919AB251D7759845CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F3DE4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 53 13f3de4-13f5431 CreateActCtxA 56 13f543a-13f5494 53->56 57 13f5433-13f5439 53->57 64 13f5496-13f5499 56->64 65 13f54a3-13f54a7 56->65 57->56 64->65 66 13f54a9-13f54b5 65->66 67 13f54b8 65->67 66->67 69 13f54b9 67->69 69->69
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 013F5421
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: bbf3a4b77df631e56e45e8551f581d5f36a5764c9717902afec6b88ae6ddf2fe
                                      • Instruction ID: 1b1ce67426c5f7b2393e1eb7112732893551ed83d64205ca126746ea4457fa4d
                                      • Opcode Fuzzy Hash: bbf3a4b77df631e56e45e8551f581d5f36a5764c9717902afec6b88ae6ddf2fe
                                      • Instruction Fuzzy Hash: B241FE71D0421CCBDB24CFA9C884B8EBBB5FF88309F64806AD518BB251DB756949CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F5364 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 70 13f5364-13f5431 CreateActCtxA 72 13f543a-13f5494 70->72 73 13f5433-13f5439 70->73 80 13f5496-13f5499 72->80 81 13f54a3-13f54a7 72->81 73->72 80->81 82 13f54a9-13f54b5 81->82 83 13f54b8 81->83 82->83 85 13f54b9 83->85 85->85
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 013F5421
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: dc8d5163e924b5a8de0d631d7c58b8e9ad8c15190d787f82e3694e7a350a495e
                                      • Instruction ID: ea8b229f131976f256c1f73dd5f66f15974fdef608c80073c637a1add8159674
                                      • Opcode Fuzzy Hash: dc8d5163e924b5a8de0d631d7c58b8e9ad8c15190d787f82e3694e7a350a495e
                                      • Instruction Fuzzy Hash: 7241FEB1D00218CFDB24CFA9C885B8DBBB1BF49309F24816AD518BB251DB75694ACF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F9840 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 86 13f9840-13fb98c DuplicateHandle 88 13fb98e-13fb994 86->88 89 13fb995-13fb9b2 86->89 88->89
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,013FB8BE,?,?,?,?,?), ref: 013FB97F
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 8429b1d5ce9c1841e35af8bab6a18c73c0ec61a568bb550820afa9c887038269
                                      • Instruction ID: 5a375fdc9438bff04d1859fb3a152f4d7434d597cb13a4e130d938f9a2c18f75
                                      • Opcode Fuzzy Hash: 8429b1d5ce9c1841e35af8bab6a18c73c0ec61a568bb550820afa9c887038269
                                      • Instruction Fuzzy Hash: 7D21E3B59002589FDB10CF9AD484ADEFBF8EB48324F14842AE914A7310D374A954CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013FB8F3 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 92 13fb8f3 93 13fb8f8-13fb98c DuplicateHandle 92->93 94 13fb98e-13fb994 93->94 95 13fb995-13fb9b2 93->95 94->95
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,013FB8BE,?,?,?,?,?), ref: 013FB97F
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: b45141e58c132a4014f83a8b2942169b7bcaf3cec4baea8feced068d214cde4f
                                      • Instruction ID: e8fe2c9b19b2af08e35d9bc2442d4178f33cab0285c05178b9a724c05c8e164b
                                      • Opcode Fuzzy Hash: b45141e58c132a4014f83a8b2942169b7bcaf3cec4baea8feced068d214cde4f
                                      • Instruction Fuzzy Hash: 8621E4B5D002189FDB10CF99D884ADEFBF4FB48324F14841AE914A7310D374A954CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F94B8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 98 13f94b8-13f9b78 100 13f9b7a-13f9b7d 98->100 101 13f9b80-13f9baf LoadLibraryExW 98->101 100->101 102 13f9bb8-13f9bd5 101->102 103 13f9bb1-13f9bb7 101->103 103->102
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,013F9991,00000800,00000000,00000000), ref: 013F9BA2
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 7610685d23761218245bddbacf6c6d3b816086d0219426455c19a9f6c098b47c
                                      • Instruction ID: 377c6f1bbac8a46e4a55879c82ca9752e7d3884bd19836c1ef7d6f29ade0b430
                                      • Opcode Fuzzy Hash: 7610685d23761218245bddbacf6c6d3b816086d0219426455c19a9f6c098b47c
                                      • Instruction Fuzzy Hash: 641114B69002489FDB10CF9AC444BDEFBF4EB88328F54842EE919A7200C375A945CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F9B30 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 106 13f9b30-13f9b78 108 13f9b7a-13f9b7d 106->108 109 13f9b80-13f9baf LoadLibraryExW 106->109 108->109 110 13f9bb8-13f9bd5 109->110 111 13f9bb1-13f9bb7 109->111 111->110
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,013F9991,00000800,00000000,00000000), ref: 013F9BA2
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 0b1125c527c186abea5178a057a6f8f908b7c308edb27a80531248e3ba13e6c1
                                      • Instruction ID: 173eb3e2d16b8ab157aa12be0ec74430b0df0712f8a3309fc3bc57731fa94cd5
                                      • Opcode Fuzzy Hash: 0b1125c527c186abea5178a057a6f8f908b7c308edb27a80531248e3ba13e6c1
                                      • Instruction Fuzzy Hash: 2811E4B6D002499FDB10CF9AD444BDEFBF4EB88324F14842EE915A7200C775A945CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F8240 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 114 13f8240-13f98f0 116 13f98f8-13f9923 GetModuleHandleW 114->116 117 13f98f2-13f98f5 114->117 118 13f992c-13f9940 116->118 119 13f9925-13f992b 116->119 117->116 119->118
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,013F92DB), ref: 013F9916
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: c620c7dee116b80719e9b5daabc8a4a232e448a2892f5e22229495fdbd8dc8d2
                                      • Instruction ID: d09b3bd267bee0841bc4222e37ff62dcabd51ff9c55fa212355010a344d6b3ff
                                      • Opcode Fuzzy Hash: c620c7dee116b80719e9b5daabc8a4a232e448a2892f5e22229495fdbd8dc8d2
                                      • Instruction Fuzzy Hash: 291102B5D002498FDB10CF9AC444BDEFBF4EB89228F14856AE929B7600D375A545CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 013F98A8 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 121 13f98a8-13f98f0 123 13f98f8-13f9923 GetModuleHandleW 121->123 124 13f98f2-13f98f5 121->124 125 13f992c-13f9940 123->125 126 13f9925-13f992b 123->126 124->123 126->125
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,013F92DB), ref: 013F9916
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.360127437.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_13f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: a74708e8a33569bc779553a917f824bb711d00836f855ee19c7bc205afc7715f
                                      • Instruction ID: 67ff29f81013c69a35736a9080900001a1f00de3fa570777869259efd6d618a3
                                      • Opcode Fuzzy Hash: a74708e8a33569bc779553a917f824bb711d00836f855ee19c7bc205afc7715f
                                      • Instruction Fuzzy Hash: E911F3B5D002498FDB14CF9AC444BDEFBF5EF48218F14845AD519B7600D375A545CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 085F80B0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 128 85f80b0-85f87a2 PostMessageW 130 85f87ab-85f87bf 128->130 131 85f87a4-85f87aa 128->131 131->130
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 085F8795
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.373304960.00000000085F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_85f0000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      • API String ID: 410705778-0
                                      • Opcode ID: 9d16c86491cb95499fe198a0e633f6250674104ef93a33035bbc3e0da101ae59
                                      • Instruction ID: b44e9f3897498d3fb6c259c574772db404c12bda3de6cc63c8c817fe517ee126
                                      • Opcode Fuzzy Hash: 9d16c86491cb95499fe198a0e633f6250674104ef93a33035bbc3e0da101ae59
                                      • Instruction Fuzzy Hash: 901103B59003489FCB10CF99C889BDEFBF8FB48325F108869E515A7201C375A954CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0134D4C4 Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359774662.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_134d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 979bc33fd926f0b4eb574d7dd7dd04823877ac267ad9b496773de68f75fdd909
                                      • Instruction ID: 05621233e66afdb0b9db0dc97455644ee57ac3a6e79aa782a3e3093e35483b24
                                      • Opcode Fuzzy Hash: 979bc33fd926f0b4eb574d7dd7dd04823877ac267ad9b496773de68f75fdd909
                                      • Instruction Fuzzy Hash: 272103B1504244DFDB05DF54D8C0B26BFA5FB9832CF2485A9E9054B606C736E856CAE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0135D1D4 Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359887738.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_135d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2500a23c1322ba396fee39bc23434fe3445fe17a78105d3a01df3e84b2b7e2bb
                                      • Instruction ID: c11d5f5d8e1e2527a9bb32bef9530e01fc914ea00aeaa28db4ba0149809a8692
                                      • Opcode Fuzzy Hash: 2500a23c1322ba396fee39bc23434fe3445fe17a78105d3a01df3e84b2b7e2bb
                                      • Instruction Fuzzy Hash: A12134B1504204EFDB41CFA4D9C0F26BBA5FB88768F24C5ADED094B342C376D846CAA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0135D01C Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359887738.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_135d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: adb1299d3f93179ab541abfaf71745e1fca0b5d0b8015b0705cfba4f9e43f9a7
                                      • Instruction ID: 5f3c2c987ae3853bf2cfe595fa4bbb100a48b38514d0334d8c4d866002a337d6
                                      • Opcode Fuzzy Hash: adb1299d3f93179ab541abfaf71745e1fca0b5d0b8015b0705cfba4f9e43f9a7
                                      • Instruction Fuzzy Hash: 542122B5504204DFDB55CF64D8C0F26BBA5FB88768F24C5A9ED0A4B346C33AD807CAA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0135D006 Relevance: .1, Instructions: 60COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359887738.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_135d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6e974d38c651b450ebf4b5233cc769f5d573bb04ac2963369db0860c75f9672c
                                      • Instruction ID: 6fdc68aa17dd8158adaad51b6f3084ac0c96240d2c6e167648d8feb5308d33ee
                                      • Opcode Fuzzy Hash: 6e974d38c651b450ebf4b5233cc769f5d573bb04ac2963369db0860c75f9672c
                                      • Instruction Fuzzy Hash: 8321A1755093808FDB13CF24D994B15BF71EB46218F28C5EAD8498B697C33AD84ACB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0134D4BF Relevance: .1, Instructions: 56COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359774662.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_134d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c28d7f9b6c052c6bf27c54b29b78abe899c0e928c1954ef857855ef63c427eb8
                                      • Instruction ID: c0c61fb4f6efa8841b827fad4534cb17e35b91d07e94653b0e5f6f5bb28c1bb2
                                      • Opcode Fuzzy Hash: c28d7f9b6c052c6bf27c54b29b78abe899c0e928c1954ef857855ef63c427eb8
                                      • Instruction Fuzzy Hash: F811B176504280CFCB12CF54D5C4B16BFB1FB98328F28C6A9D8454B616C336E456CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0135D1CF Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359887738.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_135d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac1c577071c2d0f69f9c0c2e3af2bcc6dc79f4eb61d5675d3e9761bf736dafb1
                                      • Instruction ID: 4d8838bf4148f08dcfa0f315d553cdedd43c6c1858063c69c2f7596930bf43fa
                                      • Opcode Fuzzy Hash: ac1c577071c2d0f69f9c0c2e3af2bcc6dc79f4eb61d5675d3e9761bf736dafb1
                                      • Instruction Fuzzy Hash: BE11BB75904280DFCB52CF54C5C4B15BBB1FB84628F28C6ADDC494B656C33AD44ACBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0134D745 Relevance: .0, Instructions: 45COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359774662.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_134d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cabf2cd133564ee468c03af74168cdca1d56ea7c0219f719cf253aafaf33735e
                                      • Instruction ID: ef5d2024089a9741c2ce38dd226a109a541e33d287a299b99f5bde040f6afb0e
                                      • Opcode Fuzzy Hash: cabf2cd133564ee468c03af74168cdca1d56ea7c0219f719cf253aafaf33735e
                                      • Instruction Fuzzy Hash: 5C01F7710083849BE7108E65CC84B66BFDCDF5123CF18C56AEE054A646C379A840CAB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0134D744 Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.359774662.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_134d000_bVgCuQEDo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 97bad5e19aa689fc42e435b508863ff6d8632b9ea8884d45b170da695d2a9989
                                      • Instruction ID: bb598de2c489f670d731c675a1fe93ee82f20c9dc3267710b0731196e6d4e176
                                      • Opcode Fuzzy Hash: 97bad5e19aa689fc42e435b508863ff6d8632b9ea8884d45b170da695d2a9989
                                      • Instruction Fuzzy Hash: AEF0FC714043849FE7108E15CCC8B62FFD8DB41638F18C05AED044B346C3796844CAB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Execution Graph

                                      Execution Coverage:1.5%
                                      Dynamic/Decrypted Code Coverage:2.7%
                                      Signature Coverage:8.2%
                                      Total number of Nodes:220
                                      Total number of Limit Nodes:36
                                      execution_graph 43014 4014e9 43016 4014f0 NtProtectVirtualMemory 43014->43016 43017 401570 43016->43017 43021 422df0 43017->43021 43025 422df7 43017->43025 43018 40157b 43022 422df7 43021->43022 43028 41f547 43022->43028 43024 422e02 43024->43018 43026 41f547 9 API calls 43025->43026 43027 422e02 43026->43027 43027->43018 43029 41f56d 43028->43029 43036 40b317 43029->43036 43031 41f579 43035 41f5c5 43031->43035 43042 40f557 NtClose 43031->43042 43033 41f58e 43043 40d147 9 API calls 43033->43043 43035->43024 43039 40b324 43036->43039 43044 40b267 43036->43044 43038 40b32b 43038->43031 43039->43038 43051 40f317 NtClose 43039->43051 43041 40b33c 43041->43031 43042->43033 43043->43035 43046 40b27a 43044->43046 43045 40b28d 43045->43039 43046->43045 43052 41eea7 43046->43052 43048 40b2ca 43048->43045 43063 40b0a7 43048->43063 43050 40b2ea 43050->43039 43051->43041 43053 41eec0 43052->43053 43069 418657 43053->43069 43055 41eed8 43056 41eee1 43055->43056 43098 41ece7 43055->43098 43056->43048 43058 41eef5 43058->43056 43111 41da27 43058->43111 43263 408907 43063->43263 43065 40b0c8 43065->43050 43066 40b0c1 43066->43065 43276 408bc7 43066->43276 43070 41866b 43069->43070 43071 41877f 43069->43071 43070->43071 43118 41de87 43070->43118 43071->43055 43073 4187c3 43074 41fa37 RtlFreeHeap 43073->43074 43078 4187cf 43074->43078 43075 41895e 43077 41dfb7 NtClose 43075->43077 43076 418974 43168 418377 NtReadFile NtClose 43076->43168 43079 418965 43077->43079 43078->43071 43078->43075 43078->43076 43082 418867 43078->43082 43079->43055 43081 418987 43081->43055 43083 4188ce 43082->43083 43084 418876 43082->43084 43083->43075 43092 4188e1 43083->43092 43085 41887b 43084->43085 43086 41888f 43084->43086 43164 418237 NtClose 43085->43164 43088 418894 43086->43088 43089 4188ac 43086->43089 43121 4182d7 43088->43121 43089->43079 43131 417ff7 43089->43131 43090 418885 43090->43055 43165 41dfb7 43092->43165 43093 4188a2 43093->43055 43096 4188c4 43096->43055 43097 41894d 43097->43055 43100 41ed02 43098->43100 43099 41ed14 43099->43058 43100->43099 43186 41f9b7 43100->43186 43102 41ed34 43189 417c47 43102->43189 43104 41ed57 43104->43099 43105 417c47 2 API calls 43104->43105 43107 41ed79 43105->43107 43107->43099 43221 418fa7 43107->43221 43108 41ee01 43232 41d9e7 43108->43232 43112 41da43 43111->43112 43257 10c967a 43112->43257 43113 41da5e 43115 41fa37 43113->43115 43260 41e197 43115->43260 43117 41ef50 43117->43048 43119 41dea3 NtCreateFile 43118->43119 43169 41eaf7 43118->43169 43119->43073 43122 4182f3 43121->43122 43123 41831b 43122->43123 43124 41832f 43122->43124 43125 41dfb7 NtClose 43123->43125 43126 41dfb7 NtClose 43124->43126 43128 418324 43125->43128 43127 418338 43126->43127 43171 41fb57 RtlAllocateHeap 43127->43171 43128->43093 43130 418343 43130->43093 43132 418022 43131->43132 43133 418042 43132->43133 43134 418075 43132->43134 43135 41dfb7 NtClose 43133->43135 43136 418091 43134->43136 43140 4181c0 43134->43140 43137 418066 43135->43137 43138 4180b3 43136->43138 43139 4180c8 43136->43139 43137->43096 43141 41dfb7 NtClose 43138->43141 43142 4180e3 43139->43142 43143 4180cd 43139->43143 43144 41dfb7 NtClose 43140->43144 43145 4180bc 43141->43145 43151 4180e8 43142->43151 43172 41fb17 43142->43172 43146 41dfb7 NtClose 43143->43146 43147 418220 43144->43147 43145->43096 43148 4180d6 43146->43148 43147->43096 43148->43096 43158 4180fa 43151->43158 43175 41df37 43151->43175 43152 41814e 43153 418181 43152->43153 43154 41816c 43152->43154 43155 41dfb7 NtClose 43153->43155 43156 41dfb7 NtClose 43154->43156 43157 41818a 43155->43157 43156->43158 43159 4181b6 43157->43159 43178 41f837 43157->43178 43158->43096 43159->43096 43161 4181a1 43162 41fa37 RtlFreeHeap 43161->43162 43163 4181aa 43162->43163 43163->43096 43164->43090 43166 41eaf7 43165->43166 43167 41dfd3 NtClose 43166->43167 43167->43097 43168->43081 43170 41eb06 43169->43170 43170->43119 43171->43130 43174 41fb2f 43172->43174 43183 41e157 43172->43183 43174->43151 43176 41eaf7 43175->43176 43177 41df53 NtReadFile 43176->43177 43177->43152 43179 41f844 43178->43179 43180 41f85b 43178->43180 43179->43180 43181 41fb17 RtlAllocateHeap 43179->43181 43180->43161 43182 41f872 43181->43182 43182->43161 43184 41eaf7 43183->43184 43185 41e173 RtlAllocateHeap 43184->43185 43185->43174 43187 41f9e4 43186->43187 43236 41e067 43186->43236 43187->43102 43190 417c58 43189->43190 43191 417c60 43189->43191 43190->43104 43192 417cb4 43191->43192 43220 417f33 43191->43220 43239 420af7 43191->43239 43194 420af7 RtlAllocateHeap 43192->43194 43199 417cbf 43194->43199 43195 417d0d 43197 420af7 RtlAllocateHeap 43195->43197 43205 417d21 43197->43205 43198 420c27 2 API calls 43198->43199 43199->43195 43199->43198 43250 420b97 RtlAllocateHeap RtlFreeHeap 43199->43250 43200 417d7e 43201 420af7 RtlAllocateHeap 43200->43201 43203 417d94 43201->43203 43204 417dd1 43203->43204 43207 420c27 2 API calls 43203->43207 43206 420af7 RtlAllocateHeap 43204->43206 43205->43200 43244 420c27 43205->43244 43208 417ddc 43206->43208 43207->43203 43209 420c27 2 API calls 43208->43209 43215 417e16 43208->43215 43209->43208 43211 417f0b 43252 420b57 RtlFreeHeap 43211->43252 43213 417f15 43253 420b57 RtlFreeHeap 43213->43253 43251 420b57 RtlFreeHeap 43215->43251 43216 417f1f 43254 420b57 RtlFreeHeap 43216->43254 43218 417f29 43255 420b57 RtlFreeHeap 43218->43255 43220->43104 43222 418fb8 43221->43222 43223 418657 5 API calls 43222->43223 43227 418fce 43223->43227 43224 418fd7 43224->43108 43225 41900e 43226 41fa37 RtlFreeHeap 43225->43226 43228 41901f 43226->43228 43227->43224 43227->43225 43229 41905a 43227->43229 43228->43108 43230 41fa37 RtlFreeHeap 43229->43230 43231 41905f 43230->43231 43231->43108 43233 41da03 43232->43233 43256 10c9860 LdrInitializeThunk 43233->43256 43234 41da1a 43234->43058 43237 41e083 NtAllocateVirtualMemory 43236->43237 43238 41eaf7 43236->43238 43237->43187 43238->43237 43240 420b07 43239->43240 43241 420b0d 43239->43241 43240->43192 43242 41fb17 RtlAllocateHeap 43241->43242 43243 420b33 43242->43243 43243->43192 43245 420b97 43244->43245 43246 420bf4 43245->43246 43247 41fb17 RtlAllocateHeap 43245->43247 43246->43205 43248 420bd1 43247->43248 43249 41fa37 RtlFreeHeap 43248->43249 43249->43246 43250->43199 43251->43211 43252->43213 43253->43216 43254->43218 43255->43220 43256->43234 43258 10c968f LdrInitializeThunk 43257->43258 43259 10c9681 43257->43259 43258->43113 43259->43113 43261 41e1b3 RtlFreeHeap 43260->43261 43262 41eaf7 43260->43262 43261->43117 43262->43261 43264 408912 43263->43264 43265 408917 43263->43265 43264->43066 43266 41f9b7 NtAllocateVirtualMemory 43265->43266 43267 40893c 43266->43267 43268 40899f 43267->43268 43269 41d9e7 LdrInitializeThunk 43267->43269 43270 4089a5 43267->43270 43274 41f9b7 NtAllocateVirtualMemory 43267->43274 43279 41e0e7 43267->43279 43268->43066 43269->43267 43272 4089cb 43270->43272 43273 41e0e7 LdrInitializeThunk 43270->43273 43272->43066 43275 4089bc 43273->43275 43274->43267 43275->43066 43277 41e0e7 LdrInitializeThunk 43276->43277 43278 408be5 43277->43278 43278->43050 43280 41e103 43279->43280 43283 10c96e0 LdrInitializeThunk 43280->43283 43281 41e11a 43281->43267 43283->43281 43284 10c9660 LdrInitializeThunk

                                      Executed Functions

                                      Function 004012A4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 188nativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: MemoryProtectVirtual
                                      • String ID: ZY3
                                      • API String ID: 2706961497-3933040312
                                      • Opcode ID: 914a1862830ba0eb5a47b4211a4ed486b5e0bdb97a43a319fc99694b315dd84a
                                      • Instruction ID: a13d9df17b3a5732dc1e1f47e0367c948d791838b7502847994f6ee0ec9a70fc
                                      • Opcode Fuzzy Hash: 914a1862830ba0eb5a47b4211a4ed486b5e0bdb97a43a319fc99694b315dd84a
                                      • Instruction Fuzzy Hash: 688112B1C1075C9ADF10CFE4CC41AEEBBB4BF99304F20426AE405BB291EBB55685CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041E062 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34memorynativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 28 41e062-41e0a4 call 41eaf7 NtAllocateVirtualMemory
                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0A0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID: HD@
                                      • API String ID: 2167126740-1661062907
                                      • Opcode ID: 14faf4761cd10ffe3d4c005ad3711dc059e8003cdddae2dcdd5aed72b00c2a3c
                                      • Instruction ID: 83f3b1e338cfd7366c651d20737b7fbcf9d9c45de25404964123ae4b84f7f414
                                      • Opcode Fuzzy Hash: 14faf4761cd10ffe3d4c005ad3711dc059e8003cdddae2dcdd5aed72b00c2a3c
                                      • Instruction Fuzzy Hash: 7FF0F8B6200118AFDB14DF99DC81EEB77A9EF88354F118509FE0DA7241C634E815CBB4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041E067 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memorynativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 31 41e067-41e07d 32 41e083-41e0a4 NtAllocateVirtualMemory 31->32 33 41e07e call 41eaf7 31->33 33->32
                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0A0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID: HD@
                                      • API String ID: 2167126740-1661062907
                                      • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                      • Instruction ID: a623b1cf936ba92d8d6b305c1bb189c6ba261683502d51965770d5dfcb6695a0
                                      • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                      • Instruction Fuzzy Hash: 82F015B6210218ABCB18DF89DC81EEB77ADAF88754F018109BE0897241C634F810CBB4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DED9 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 132 41ded9-41dee0 133 41dee2-41df30 call 41eaf7 132->133 134 41df5e-41df80 NtReadFile 132->134
                                      APIs
                                      • NtReadFile.NTDLL(00418987,00413C57,FFFFFFFF,00418471,00000206,?,00418987,00000206,00418471,FFFFFFFF,00413C57,00418987,00000206,00000000), ref: 0041DF7C
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: f10e8641459730cb6ce981c267ec82da3ff73693c2d65694bb27d25656bcc7cf
                                      • Instruction ID: b828ebe034e71ecd9c6b25c2a446c1a63630297c1ee313f717941aca80d7a247
                                      • Opcode Fuzzy Hash: f10e8641459730cb6ce981c267ec82da3ff73693c2d65694bb27d25656bcc7cf
                                      • Instruction Fuzzy Hash: 4F11D0B6200108AFCB18DF99DC81DEB77A9EF8C754F158209FA5DD7244C634E821CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DE81 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 124 41de81-41de83 125 41de85-41ded8 call 41eaf7 NtCreateFile 124->125 126 41de1e-41de40 call 41eaf7 124->126
                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00000005,00000000,004187C3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187C3,00000000,00000005,00000060,00000000,00000000), ref: 0041DED4
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: 252f14ef4c2daacd22ab9e5114be99d523d2d4196479c04477c9c14fcb93259f
                                      • Instruction ID: 251a888138337f358809af951483a0f1617301a7136f93843b1d6e32aad9e62c
                                      • Opcode Fuzzy Hash: 252f14ef4c2daacd22ab9e5114be99d523d2d4196479c04477c9c14fcb93259f
                                      • Instruction Fuzzy Hash: 6411D0B6200108AFCB08CF99DC85DEB77A9EF8C754B108209FA0DD7241C635E851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004014E9 Relevance: 1.5, APIs: 1, Instructions: 48nativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 139 4014e9 140 4014f0-4014ff 139->140 141 401501-401504 140->141 142 401512-401519 140->142 141->142 144 401506-40150a 141->144 142->140 143 40151b 142->143 145 40151e-401573 NtProtectVirtualMemory call 4016b0 143->145 144->142 146 40150c-401510 144->146 151 401579 call 422df0 145->151 152 401579 call 422df7 145->152 146->142 147 401586-40158c 146->147 147->145 150 40157b-401585 151->150 152->150
                                      APIs
                                      • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: MemoryProtectVirtual
                                      • String ID:
                                      • API String ID: 2706961497-0
                                      • Opcode ID: 1a3d5be8761addd2ea4481f47ede2a6a63b7544eb72ba18f75404e9e73c2fee9
                                      • Instruction ID: 731b45c383707e229f8afa6a4133674f7789fb987c5d4518b7492002c3ed50b3
                                      • Opcode Fuzzy Hash: 1a3d5be8761addd2ea4481f47ede2a6a63b7544eb72ba18f75404e9e73c2fee9
                                      • Instruction Fuzzy Hash: 221170B1D04A1C5EDF25CEB4DC41BDEB774FB80324F60022ED922A71A2D336191A9F94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DE87 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 153 41de87-41de9d 154 41dea3-41ded8 NtCreateFile 153->154 155 41de9e call 41eaf7 153->155 155->154
                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00000005,00000000,004187C3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187C3,00000000,00000005,00000060,00000000,00000000), ref: 0041DED4
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                      • Instruction ID: 38f794c1667435fa3cc84068c557b77492b20a8b27cbf6cb276d568079523730
                                      • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                      • Instruction Fuzzy Hash: 0AF0CFB2210208AFCB08CF89DC85EEB37EDAF8C754F018208BA0D97241C630F851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DF81 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 156 41df81-41df84 157 41df87-41dfb0 call 41eaf7 156->157 158 41df66-41df80 NtReadFile 156->158
                                      APIs
                                      • NtReadFile.NTDLL(00418987,00413C57,FFFFFFFF,00418471,00000206,?,00418987,00000206,00418471,FFFFFFFF,00413C57,00418987,00000206,00000000), ref: 0041DF7C
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 6219e319405e74944a30277a33cfe1b626e0e205b74dc09e10ade9abf01eedec
                                      • Instruction ID: eea561f4130f331a223296b87c1b079f31c3f013d3766f7d1f75ceac7c3966a9
                                      • Opcode Fuzzy Hash: 6219e319405e74944a30277a33cfe1b626e0e205b74dc09e10ade9abf01eedec
                                      • Instruction Fuzzy Hash: 29F05EB2600104BBD714EF99EC95DE777ACEF88750F108559FA1C9B241C631E911CBE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DF37 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 162 41df37-41df80 call 41eaf7 NtReadFile
                                      APIs
                                      • NtReadFile.NTDLL(00418987,00413C57,FFFFFFFF,00418471,00000206,?,00418987,00000206,00418471,FFFFFFFF,00413C57,00418987,00000206,00000000), ref: 0041DF7C
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                      • Instruction ID: 9b15e7be0e4bba7b6b24b8d4a7bc74eeb5357a43f54880f9b1113b828e2888d4
                                      • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                      • Instruction Fuzzy Hash: 44F0B2B6210208AFCB14DF89DC85EEB77ADEF8C754F118249BE0DA7241D634E811CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041DFB7 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 249 41dfb7-41dfe0 call 41eaf7 NtClose
                                      APIs
                                      • NtClose.NTDLL(00418965,00000206,?,00418965,00000005,FFFFFFFF), ref: 0041DFDC
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                      • Instruction ID: 7d372f31e121284e5399754a58abc8feddf42832504887dc41918d5d2166c6ae
                                      • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                      • Instruction Fuzzy Hash: 56D01776210214ABD614EBA9DC89EDB7BACEF48664F014155BA0C9B242C674FA008BE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 41327ca610c315938c3a44b646f2c07164bae4a8ac4e42a417bd5315fdbb3ffd
                                      • Instruction ID: 92c412af8a35029a0070dc6d7a471b2109844f78c1d8809835120023d3bbf76f
                                      • Opcode Fuzzy Hash: 41327ca610c315938c3a44b646f2c07164bae4a8ac4e42a417bd5315fdbb3ffd
                                      • Instruction Fuzzy Hash: 6790027124110913D111619985047070109A7D0281F91D412B081455CDD6968952B261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: bfc1e7dc03da38c2fd63d08e348d6365f611aacd423ada410a9f3cf3b539cada
                                      • Instruction ID: 805d60a685d28464747d1a332930e4cb8a6a72d2de36078ebdcfca2a22455cbd
                                      • Opcode Fuzzy Hash: bfc1e7dc03da38c2fd63d08e348d6365f611aacd423ada410a9f3cf3b539cada
                                      • Instruction Fuzzy Hash: CC90027124110D02D1807199840464A0105A7D1341F91D015B0415658DCA558A5977E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: edda9a2bac4cc4d4bfcbd0d9ee5c9f64df63b02afbbc4ee85f64e68c9e5d85e5
                                      • Instruction ID: 7d9fd6e2c590649fcda3bba522971639ecd4ba06965e202518924529a47b0010
                                      • Opcode Fuzzy Hash: edda9a2bac4cc4d4bfcbd0d9ee5c9f64df63b02afbbc4ee85f64e68c9e5d85e5
                                      • Instruction Fuzzy Hash: 0B90027124118D02D1106199C40474A0105A7D0341F55D411B481465CDC6D588917261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041E189 Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 165 41e189-41e1ae call 41eaf7 167 41e1b3-41e1c8 RtlFreeHeap 165->167
                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1C4
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: 0de7905b53f2f0acb70018aa3e12a780f4a0ac100536be4cedb90c0b8d29e6eb
                                      • Instruction ID: 7ecdd82ae07a64b1f86b7c6f58cdb4fbb1a9f5317e2e98128568e32c25fd07c1
                                      • Opcode Fuzzy Hash: 0de7905b53f2f0acb70018aa3e12a780f4a0ac100536be4cedb90c0b8d29e6eb
                                      • Instruction Fuzzy Hash: 46E092752102146FCB28DF69DC89EE73B68EF84354F014159FD489B242C534E904CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041E157 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 168 41e157-41e188 call 41eaf7 RtlAllocateHeap
                                      APIs
                                      • RtlAllocateHeap.NTDLL(0041811D,?,004188C4,004188C4,?,0041811D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E184
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                      • Instruction ID: 256490d6368c9a25e2411c6d513e962d696b02ec509e36abee9a23cfcffd6136
                                      • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                      • Instruction Fuzzy Hash: ACE04FB52002146BD714DF59DC45ED737ACEF88754F014155FE085B241C530F910CBB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041E197 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 171 41e197-41e1ad 172 41e1b3-41e1c8 RtlFreeHeap 171->172 173 41e1ae call 41eaf7 171->173 173->172
                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1C4
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_401000_SecuriteInfo.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                      • Instruction ID: 13b15cb76bac34ecf78f3555c3789f40ffa5689580ad87ed8b4a41090e7bea50
                                      • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                      • Instruction Fuzzy Hash: ACE04FB52102146BD714DF49DC49ED737ACEF88754F014155FD0857241C530F914CBB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 46f85f6e327bcfaf69ad31b3bd4922821927770c6a0bdf2eb6bd7d823a49cff4
                                      • Instruction ID: 5174a606538134c4f657bf2e2f44be20592eb2fe5194958d5ba229f49f811072
                                      • Opcode Fuzzy Hash: 46f85f6e327bcfaf69ad31b3bd4922821927770c6a0bdf2eb6bd7d823a49cff4
                                      • Instruction Fuzzy Hash: 2BB09B719415C5C5D651D7A4460871B7A4077D4745F16C055E1420649B4778C091F7B5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 0113B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Strings
                                      • This failed because of error %Ix., xrefs: 0113B446
                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0113B47D
                                      • *** enter .exr %p for the exception record, xrefs: 0113B4F1
                                      • The resource is owned exclusively by thread %p, xrefs: 0113B374
                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0113B323
                                      • *** then kb to get the faulting stack, xrefs: 0113B51C
                                      • The instruction at %p referenced memory at %p., xrefs: 0113B432
                                      • read from, xrefs: 0113B4AD, 0113B4B2
                                      • The instruction at %p tried to %s , xrefs: 0113B4B6
                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0113B484
                                      • The resource is owned shared by %d threads, xrefs: 0113B37E
                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0113B39B
                                      • *** enter .cxr %p for the context, xrefs: 0113B50D
                                      • a NULL pointer, xrefs: 0113B4E0
                                      • Go determine why that thread has not released the critical section., xrefs: 0113B3C5
                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0113B476
                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0113B3D6
                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0113B53F
                                      • *** An Access Violation occurred in %ws:%s, xrefs: 0113B48F
                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0113B2F3
                                      • <unknown>, xrefs: 0113B27E, 0113B2D1, 0113B350, 0113B399, 0113B417, 0113B48E
                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 0113B352
                                      • write to, xrefs: 0113B4A6
                                      • The critical section is owned by thread %p., xrefs: 0113B3B9
                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0113B2DC
                                      • *** Inpage error in %ws:%s, xrefs: 0113B418
                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0113B38F
                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0113B305
                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0113B314
                                      • an invalid address, %p, xrefs: 0113B4CF
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                      • API String ID: 0-108210295
                                      • Opcode ID: d107de4e2263d4c35eb6b0b8d815ede7fee6c2ec045949d8e30e466b6018f322
                                      • Instruction ID: 45c215f686e4cfb2dd238975717ec985118397370cbae5bfe1b4720d766be87d
                                      • Opcode Fuzzy Hash: d107de4e2263d4c35eb6b0b8d815ede7fee6c2ec045949d8e30e466b6018f322
                                      • Instruction Fuzzy Hash: D7811571A08210FFDB2E6A4ACC46E7B3F27AFD6695F414058F5092F11AE3618451C7BA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 44%
                                      			E01141C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x10648a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0108B150();
				} else {
					E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x117589c);
				E0108B150("Heap error detected at %p (heap handle %p)\n",  *0x11758a0);
				_t27 =  *0x1175898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01141E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0108B150();
				} else {
					E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0108B150("Error code: %d - %s\n",  *0x1175898);
				_t113 =  *0x11758a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0108B150("Parameter1: %p\n",  *0x11758a4);
				}
				_t115 =  *0x11758a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0108B150("Parameter2: %p\n",  *0x11758a8);
				}
				_t117 =  *0x11758ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0108B150("Parameter3: %p\n",  *0x11758ac);
				}
				_t119 =  *0x11758b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x11758b4);
					E0108B150("Last known valid blocks: before - %p, after - %p\n",  *0x11758b0);
				} else {
					_t120 =  *0x11758b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0108B150();
				} else {
					E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0108B150("Stack trace available at %p\n", 0x11758c0);
			}











                                      0x01141c10
                                      0x01141c16
                                      0x01141c1e
                                      0x01141c3d
                                      0x01141c3e
                                      0x01141c20
                                      0x01141c35
                                      0x01141c3a
                                      0x01141c44
                                      0x01141c55
                                      0x01141c5a
                                      0x01141c65
                                      0x01141c67
                                      0x00000000
                                      0x01141c6e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01141c67
                                      0x01141cdc
                                      0x01141ce5
                                      0x01141d04
                                      0x01141d05
                                      0x01141ce7
                                      0x01141cfc
                                      0x01141d01
                                      0x01141d0b
                                      0x01141d17
                                      0x01141d1f
                                      0x01141d25
                                      0x01141d30
                                      0x01141d4f
                                      0x01141d50
                                      0x01141d32
                                      0x01141d47
                                      0x01141d4c
                                      0x01141d61
                                      0x01141d67
                                      0x01141d68
                                      0x01141d6e
                                      0x01141d79
                                      0x01141d98
                                      0x01141d99
                                      0x01141d7b
                                      0x01141d90
                                      0x01141d95
                                      0x01141daa
                                      0x01141db0
                                      0x01141db1
                                      0x01141db7
                                      0x01141dc2
                                      0x01141de1
                                      0x01141de2
                                      0x01141dc4
                                      0x01141dd9
                                      0x01141dde
                                      0x01141df3
                                      0x01141df9
                                      0x01141dfa
                                      0x01141e00
                                      0x01141e0a
                                      0x01141e13
                                      0x01141e32
                                      0x01141e33
                                      0x01141e15
                                      0x01141e2a
                                      0x01141e2f
                                      0x01141e39
                                      0x01141e4a
                                      0x01141e02
                                      0x01141e02
                                      0x01141e08
                                      0x00000000
                                      0x00000000
                                      0x01141e08
                                      0x01141e5b
                                      0x01141e7a
                                      0x01141e7b
                                      0x01141e5d
                                      0x01141e72
                                      0x01141e77
                                      0x01141e95

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                      • API String ID: 0-2897834094
                                      • Opcode ID: fa316b380fd20896a348714cba2d878b8d8d8875d68345a96cd686dcfb8101de
                                      • Instruction ID: 5841d0f81ad4a1038a572eb091fe3c7f1293838b8f7ddd82c456fe43d831c9e1
                                      • Opcode Fuzzy Hash: fa316b380fd20896a348714cba2d878b8d8d8875d68345a96cd686dcfb8101de
                                      • Instruction Fuzzy Hash: EB61A636916145EFD72DAB8AD888D2473A5EB04E30B4A80BEF5C95F311D734A8C18B1E
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01142D82 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 228timeCOMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 64%
                                      			E01142D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x1160e80);
				E010DD0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E010840E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E011430C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E0108B150();
						} else {
							E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E0108B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E0109EEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E01144496(_t181, 0);
						_t177 = E010A4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E011449A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E0113FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E01081F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E010B16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E01144496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x1176360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x1176364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1176366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E0112D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E0108B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E0108B150("Just allocated block at %p for %Ix bytes\n",  *0x1176360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x1176378 = 1;
									 *0x11760c0 = 0;
									asm("int3");
									 *0x1176378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x1175708; // 0x0
					 *0x117b1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E010DD130(0, _t177, _t181);
				}
			}





















                                      0x01142d82
                                      0x01142d84
                                      0x01142d89
                                      0x01142d8e
                                      0x01142d90
                                      0x01142d92
                                      0x01142d97
                                      0x01142d9a
                                      0x01142da4
                                      0x01142dc0
                                      0x01142dc3
                                      0x01142dd1
                                      0x01142dd6
                                      0x01142dd8
                                      0x011430a7
                                      0x011430a7
                                      0x011430aa
                                      0x011430aa
                                      0x011430ad
                                      0x011430b4
                                      0x00000000
                                      0x011430b9
                                      0x01142de3
                                      0x01142de8
                                      0x01142deb
                                      0x01142dee
                                      0x01142df1
                                      0x01142df3
                                      0x01142dfb
                                      0x01142dfb
                                      0x01142df5
                                      0x01142df5
                                      0x01142df5
                                      0x01142e04
                                      0x01142e0a
                                      0x01142e0d
                                      0x01142e11
                                      0x01142e11
                                      0x01142e12
                                      0x01142e15
                                      0x01142e18
                                      0x01142e1a
                                      0x01143027
                                      0x01143027
                                      0x0114302d
                                      0x01143030
                                      0x0114304f
                                      0x01143054
                                      0x01143032
                                      0x01143047
                                      0x0114304c
                                      0x0114305a
                                      0x01143063
                                      0x00000000
                                      0x01142e20
                                      0x01142e20
                                      0x01142e23
                                      0x00000000
                                      0x00000000
                                      0x01142e29
                                      0x01142e2b
                                      0x01142e47
                                      0x01142e2d
                                      0x01142e33
                                      0x01142e38
                                      0x01142e3f
                                      0x01142e42
                                      0x01142e42
                                      0x01142e4e
                                      0x01142e5d
                                      0x01142e5f
                                      0x01142e62
                                      0x01142e66
                                      0x01142e6b
                                      0x01142e6d
                                      0x00000000
                                      0x01142e73
                                      0x01142e73
                                      0x01142e76
                                      0x01142e7a
                                      0x01142e83
                                      0x01142e83
                                      0x01142e83
                                      0x01142e85
                                      0x01142e87
                                      0x01142e8a
                                      0x01142e8d
                                      0x01142e92
                                      0x01142e9c
                                      0x01142e9f
                                      0x01142ea1
                                      0x01142ea2
                                      0x01142ea6
                                      0x01142ea6
                                      0x01142e9f
                                      0x01142eab
                                      0x01142eaf
                                      0x01142edf
                                      0x01142ee2
                                      0x01142ee5
                                      0x01142eb1
                                      0x01142eb3
                                      0x01142eb8
                                      0x01142ebd
                                      0x01142ec4
                                      0x01142ed6
                                      0x01142ec6
                                      0x01142ec7
                                      0x01142ecc
                                      0x01142ecf
                                      0x01142ed2
                                      0x01142ed2
                                      0x01142ed9
                                      0x01142ed9
                                      0x01142ee8
                                      0x01142eeb
                                      0x01142eef
                                      0x01142ef2
                                      0x01142efe
                                      0x01142f04
                                      0x01142f04
                                      0x01142f04
                                      0x01142f06
                                      0x01142f0d
                                      0x01142f0f
                                      0x01142f13
                                      0x01142f13
                                      0x01142f1b
                                      0x01142f21
                                      0x01142f27
                                      0x01142f95
                                      0x01142f98
                                      0x01142f9b
                                      0x01142fa0
                                      0x00000000
                                      0x00000000
                                      0x01142fa6
                                      0x01142fa9
                                      0x01142fac
                                      0x00000000
                                      0x00000000
                                      0x01142fb2
                                      0x01142fb9
                                      0x00000000
                                      0x00000000
                                      0x01142fc3
                                      0x01142fca
                                      0x00000000
                                      0x00000000
                                      0x01142fd0
                                      0x01142fd6
                                      0x01142fd9
                                      0x01142ff8
                                      0x01142ffd
                                      0x01142fdb
                                      0x01142ff0
                                      0x01142ff5
                                      0x0114300e
                                      0x0114300f
                                      0x0114301a
                                      0x00000000
                                      0x01142f29
                                      0x01142f29
                                      0x01142f2c
                                      0x01142f4b
                                      0x01142f50
                                      0x01142f2e
                                      0x01142f43
                                      0x01142f48
                                      0x01142f56
                                      0x01142f64
                                      0x01142f6c
                                      0x01142f6c
                                      0x01142f72
                                      0x01142f76
                                      0x01142f7c
                                      0x01142f83
                                      0x01142f89
                                      0x01142f8a
                                      0x01142f8a
                                      0x00000000
                                      0x01142f76
                                      0x01142f27
                                      0x01142e6d
                                      0x01142da6
                                      0x01142dab
                                      0x01142db3
                                      0x01142db9
                                      0x011430bc
                                      0x011430c1
                                      0x011430c1

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                      • API String ID: 3446177414-1745908468
                                      • Opcode ID: fe791cbd2cef89eb64a3f6736accf57a6298529b2056a9793815e5164a731a12
                                      • Instruction ID: 50cb9b68fdeff9667ed2e745368bc6e55ce37a3710a7c1c70183d40ddc10074d
                                      • Opcode Fuzzy Hash: fe791cbd2cef89eb64a3f6736accf57a6298529b2056a9793815e5164a731a12
                                      • Instruction Fuzzy Hash: 66912330910651DFDB2EEFA8D450AADBBF2FF58B10F18811DE1996B351C7329882CB01
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01144AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E01144AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E0108B150();
						} else {
							E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E0108B150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E0113FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E0108B150();
						} else {
							E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E0108B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E0108B150();
									} else {
										E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E0108B150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E0113FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E0108B150();
										} else {
											E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E010DD540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E0114A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E010AE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E0114A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E010AE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E010AA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E010AA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E010ABC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E011323E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E01081F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                      0x01144af7
                                      0x01144afb
                                      0x01144afd
                                      0x01144b01
                                      0x01144b03
                                      0x01144b08
                                      0x01144b0a
                                      0x01144b0f
                                      0x01144eb5
                                      0x01144eb5
                                      0x01144ebb
                                      0x011450d5
                                      0x011450d8
                                      0x01144ff6
                                      0x00000000
                                      0x01144ff6
                                      0x011450de
                                      0x011450e4
                                      0x011450e8
                                      0x01145107
                                      0x0114510c
                                      0x011450ea
                                      0x011450ff
                                      0x01145104
                                      0x01145112
                                      0x01145115
                                      0x01145118
                                      0x01145119
                                      0x011450cb
                                      0x011450cb
                                      0x011450af
                                      0x00000000
                                      0x011450af
                                      0x01144ecb
                                      0x011450b6
                                      0x011450bb
                                      0x01144ed1
                                      0x01144ee6
                                      0x01144eeb
                                      0x011450c1
                                      0x011450c2
                                      0x011450c5
                                      0x011450c6
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01144b15
                                      0x01144b15
                                      0x01144b1c
                                      0x01144b1e
                                      0x01144b23
                                      0x01144b27
                                      0x01144b33
                                      0x01144b38
                                      0x01144b3a
                                      0x01144b3c
                                      0x01144b41
                                      0x01144b41
                                      0x01144b3a
                                      0x01144b52
                                      0x01145045
                                      0x0114504b
                                      0x0114504f
                                      0x0114506e
                                      0x01145073
                                      0x01145051
                                      0x01145066
                                      0x0114506b
                                      0x01145083
                                      0x01145088
                                      0x01145088
                                      0x0114508a
                                      0x01145091
                                      0x01145099
                                      0x01145099
                                      0x0114509d
                                      0x011450a7
                                      0x011450ad
                                      0x011450ad
                                      0x011450ad
                                      0x00000000
                                      0x0114509d
                                      0x01144b58
                                      0x01144b5b
                                      0x01144b5e
                                      0x01144b63
                                      0x01144b66
                                      0x01144b69
                                      0x01144b6f
                                      0x01144be4
                                      0x01144bf0
                                      0x01144bf2
                                      0x01144bf5
                                      0x01144dc3
                                      0x01144dc6
                                      0x01144dc9
                                      0x01144dce
                                      0x01144dce
                                      0x01144dd0
                                      0x01144dd0
                                      0x01144dd5
                                      0x01144def
                                      0x01144dd7
                                      0x01144de7
                                      0x01144de7
                                      0x01144df3
                                      0x01145001
                                      0x01145007
                                      0x0114500b
                                      0x0114502a
                                      0x0114502f
                                      0x0114500d
                                      0x01145022
                                      0x01145027
                                      0x01145039
                                      0x0114503a
                                      0x0114503b
                                      0x00000000
                                      0x01144df9
                                      0x01144dfd
                                      0x01144e90
                                      0x01144e94
                                      0x01144e9e
                                      0x01144ea4
                                      0x01144ea4
                                      0x01144ea4
                                      0x01144ea6
                                      0x01144ea6
                                      0x00000000
                                      0x01144ea6
                                      0x01144e03
                                      0x01144e08
                                      0x01144f88
                                      0x01144f92
                                      0x01144f99
                                      0x01144f9c
                                      0x01144fe0
                                      0x01144fe4
                                      0x01144fee
                                      0x01144ff4
                                      0x01144ff4
                                      0x01144ff4
                                      0x00000000
                                      0x01144fe4
                                      0x01144f9e
                                      0x01144fa4
                                      0x01144fa8
                                      0x01144fc7
                                      0x01144fcc
                                      0x01144faa
                                      0x01144fbf
                                      0x01144fc4
                                      0x01144fd2
                                      0x01144fd5
                                      0x01144fd6
                                      0x01144f34
                                      0x01144f34
                                      0x00000000
                                      0x01144f39
                                      0x01144e0e
                                      0x01144e14
                                      0x01144e1b
                                      0x01144e25
                                      0x01144e2b
                                      0x01144e2b
                                      0x01144e33
                                      0x01144e38
                                      0x01144e8a
                                      0x01144e8a
                                      0x00000000
                                      0x01144e3a
                                      0x01144e3e
                                      0x01144e43
                                      0x01144e47
                                      0x01144e53
                                      0x01144e58
                                      0x01144e5a
                                      0x01144e5c
                                      0x01144e61
                                      0x01144e61
                                      0x01144e5a
                                      0x01144e6e
                                      0x01144f41
                                      0x01144f47
                                      0x01144f4b
                                      0x01144f6a
                                      0x01144f6f
                                      0x01144f4d
                                      0x01144f62
                                      0x01144f67
                                      0x01144f7f
                                      0x01144f80
                                      0x01144f81
                                      0x00000000
                                      0x01144e74
                                      0x01144e78
                                      0x01144e82
                                      0x01144e88
                                      0x01144e88
                                      0x00000000
                                      0x01144e78
                                      0x01144e6e
                                      0x01144e38
                                      0x01144df3
                                      0x01144bfe
                                      0x01144c01
                                      0x01144c04
                                      0x01144c07
                                      0x01144c09
                                      0x01144c0c
                                      0x01144c0e
                                      0x01144c0e
                                      0x01144c11
                                      0x01144c11
                                      0x01144c0c
                                      0x01144c14
                                      0x01144c17
                                      0x01144dae
                                      0x01144db2
                                      0x01144db7
                                      0x01144dba
                                      0x01144dbd
                                      0x01144ef1
                                      0x01144ef7
                                      0x01144efb
                                      0x01144f1a
                                      0x01144f1f
                                      0x01144efd
                                      0x01144f12
                                      0x01144f17
                                      0x01144f2b
                                      0x01144f2b
                                      0x01144f2d
                                      0x01144f2e
                                      0x01144f2f
                                      0x00000000
                                      0x01144f2f
                                      0x00000000
                                      0x01144c1d
                                      0x01144c1d
                                      0x01144c20
                                      0x01144c23
                                      0x01144c26
                                      0x01144c29
                                      0x01144c2c
                                      0x01144c2e
                                      0x01144d91
                                      0x01144d91
                                      0x01144d92
                                      0x01144d97
                                      0x01144d9e
                                      0x00000000
                                      0x01144d9e
                                      0x01144c34
                                      0x01144c37
                                      0x01144c39
                                      0x01144c3c
                                      0x00000000
                                      0x00000000
                                      0x01144c45
                                      0x01144c48
                                      0x01144c4e
                                      0x01144c50
                                      0x01144c78
                                      0x01144c78
                                      0x01144c7b
                                      0x01144c7d
                                      0x01144c80
                                      0x01144c84
                                      0x01144cad
                                      0x01144cad
                                      0x01144cb0
                                      0x01144cb8
                                      0x01144cbb
                                      0x01144cbe
                                      0x01144cc1
                                      0x01144cc7
                                      0x01144cdc
                                      0x01144cc9
                                      0x01144cd2
                                      0x01144cd4
                                      0x01144cd4
                                      0x01144cde
                                      0x01144ce0
                                      0x01144d13
                                      0x01144d13
                                      0x01144d16
                                      0x01144d18
                                      0x01144d29
                                      0x01144d2a
                                      0x01144d2c
                                      0x01144d34
                                      0x01144d1a
                                      0x01144d1a
                                      0x01144d1a
                                      0x01144d1d
                                      0x01144d1f
                                      0x01144d22
                                      0x01144d24
                                      0x01144d24
                                      0x01144d3c
                                      0x01144d3f
                                      0x01144d45
                                      0x01144d47
                                      0x01144d6c
                                      0x01144d6c
                                      0x01144d70
                                      0x01144d7e
                                      0x01144d84
                                      0x01144d84
                                      0x00000000
                                      0x01144d49
                                      0x01144d49
                                      0x01144d56
                                      0x01144d56
                                      0x01144d59
                                      0x00000000
                                      0x00000000
                                      0x01144d4e
                                      0x01144d50
                                      0x01144d52
                                      0x01144d8e
                                      0x01144d5d
                                      0x01144d5f
                                      0x01144d67
                                      0x00000000
                                      0x01144d67
                                      0x01144d54
                                      0x01144d54
                                      0x01144d5b
                                      0x00000000
                                      0x01144d5b
                                      0x01144ce2
                                      0x01144ce2
                                      0x01144ce5
                                      0x01144ce5
                                      0x01144ce7
                                      0x01144cfb
                                      0x01144ce9
                                      0x01144ce9
                                      0x01144cec
                                      0x01144cef
                                      0x01144cf1
                                      0x01144cf3
                                      0x01144cf3
                                      0x01144cf3
                                      0x01144cf6
                                      0x01144cf6
                                      0x01144d02
                                      0x01144d05
                                      0x00000000
                                      0x00000000
                                      0x01144d07
                                      0x01144d0f
                                      0x01144d11
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01144d11
                                      0x00000000
                                      0x01144ce5
                                      0x01144ce0
                                      0x01144c8a
                                      0x01144c8f
                                      0x01144c91
                                      0x00000000
                                      0x00000000
                                      0x01144c9d
                                      0x00000000
                                      0x01144c9d
                                      0x01144c52
                                      0x01144c5f
                                      0x01144c5f
                                      0x01144c62
                                      0x00000000
                                      0x00000000
                                      0x01144c57
                                      0x01144c59
                                      0x01144c5b
                                      0x01144caa
                                      0x01144c66
                                      0x01144c68
                                      0x01144c70
                                      0x01144c75
                                      0x00000000
                                      0x01144c75
                                      0x01144c5d
                                      0x01144c5d
                                      0x01144c64
                                      0x00000000
                                      0x01144c64
                                      0x01144c17
                                      0x01144b75
                                      0x01144bc4
                                      0x01144bc8
                                      0x00000000
                                      0x00000000
                                      0x01144bd9
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01144b77
                                      0x01144b7a
                                      0x01144b8c
                                      0x01144b7c
                                      0x01144b7e
                                      0x01144b83
                                      0x01144b86
                                      0x01144b86
                                      0x01144b90
                                      0x01144b93
                                      0x00000000
                                      0x00000000
                                      0x01144b95
                                      0x01144bab
                                      0x01144bb0
                                      0x00000000
                                      0x00000000
                                      0x01144bb2
                                      0x01144bb9
                                      0x00000000
                                      0x00000000
                                      0x01144bbb
                                      0x01144bbe
                                      0x01144bc1
                                      0x01144bc1
                                      0x00000000
                                      0x01144bc1
                                      0x01144b97
                                      0x01144ba4
                                      0x00000000
                                      0x00000000
                                      0x01144ba6
                                      0x00000000
                                      0x01144ba6
                                      0x01144ea9
                                      0x01144ea9
                                      0x01144eb2
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                      • API String ID: 0-3591852110
                                      • Opcode ID: 51a7fc50a156b76ba8a50f329ea9c7e6e9782de588d1da75cce14f5ea283fff6
                                      • Instruction ID: c08e86eab6c5ea87710e39952557c237d96e90331ec1047da5b22a36ac630d18
                                      • Opcode Fuzzy Hash: 51a7fc50a156b76ba8a50f329ea9c7e6e9782de588d1da75cce14f5ea283fff6
                                      • Instruction Fuzzy Hash: 0C12DE30604642DFDB2DDF69C495BBABBE1FF48B00F198459E4C68BA41D734E881CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01144496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 56%
                                      			E01144496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E011449A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x1176378 = _t267;
						asm("int3");
						 *0x1176378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E010B174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E0108B150();
							} else {
								E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E0108B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E0108B150();
							} else {
								E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E0108B150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x1176350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E010C9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E010B174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E0108B150();
										} else {
											E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E0108B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E0108B150();
									} else {
										E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E0108B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E0108B150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E0108B150();
							} else {
								E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E01144AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0113FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E011323E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                      0x011444a1
                                      0x011444a3
                                      0x011444a7
                                      0x011444ac
                                      0x011444af
                                      0x011444b2
                                      0x011444b9
                                      0x011444bc
                                      0x011447f2
                                      0x011447f2
                                      0x011447f8
                                      0x011447fc
                                      0x011447fe
                                      0x01144804
                                      0x01144805
                                      0x01144805
                                      0x0114480c
                                      0x01144810
                                      0x01144812
                                      0x01144812
                                      0x01144812
                                      0x01144822
                                      0x01144822
                                      0x01144827
                                      0x01144827
                                      0x00000000
                                      0x01144827
                                      0x011444c4
                                      0x011444d3
                                      0x011444d9
                                      0x011444dc
                                      0x011444de
                                      0x011444e0
                                      0x01144560
                                      0x01144520
                                      0x01144522
                                      0x01144525
                                      0x01144528
                                      0x0114452b
                                      0x0114452e
                                      0x01144530
                                      0x01144697
                                      0x0114469d
                                      0x011446a1
                                      0x011446c0
                                      0x011446c5
                                      0x011446a3
                                      0x011446b8
                                      0x011446bd
                                      0x011446cb
                                      0x011446d4
                                      0x01144677
                                      0x01144677
                                      0x01144679
                                      0x0114467c
                                      0x0114468a
                                      0x01144690
                                      0x01144690
                                      0x011447f1
                                      0x011447f1
                                      0x011447f1
                                      0x00000000
                                      0x011447f1
                                      0x01144536
                                      0x01144539
                                      0x0114453c
                                      0x01144636
                                      0x0114463c
                                      0x01144640
                                      0x0114465f
                                      0x01144664
                                      0x01144642
                                      0x01144657
                                      0x0114465c
                                      0x01144670
                                      0x00000000
                                      0x01144542
                                      0x01144542
                                      0x01144546
                                      0x01144548
                                      0x0114454b
                                      0x01144555
                                      0x0114455b
                                      0x0114455b
                                      0x0114455b
                                      0x0114455d
                                      0x0114455d
                                      0x0114455d
                                      0x00000000
                                      0x0114455d
                                      0x0114453c
                                      0x01144579
                                      0x0114457c
                                      0x01144587
                                      0x01144589
                                      0x01144591
                                      0x01144592
                                      0x01144597
                                      0x01144598
                                      0x011445a1
                                      0x011445ab
                                      0x011445ab
                                      0x011445a1
                                      0x011445ae
                                      0x011445b4
                                      0x011445b9
                                      0x011445bd
                                      0x01144759
                                      0x01144759
                                      0x0114475f
                                      0x01144761
                                      0x01144763
                                      0x01144765
                                      0x01144768
                                      0x0114476b
                                      0x0114476d
                                      0x0114479c
                                      0x0114479c
                                      0x0114479f
                                      0x011447a2
                                      0x011447a4
                                      0x01144830
                                      0x01144833
                                      0x01144879
                                      0x0114487d
                                      0x011448f1
                                      0x011448f3
                                      0x011448f3
                                      0x00000000
                                      0x011448f3
                                      0x0114487f
                                      0x01144885
                                      0x01144887
                                      0x011448a8
                                      0x011448a8
                                      0x011448ae
                                      0x011448b0
                                      0x011448dc
                                      0x011448dc
                                      0x011448dc
                                      0x011448dc
                                      0x011448ec
                                      0x00000000
                                      0x011448ec
                                      0x011448b2
                                      0x011448bc
                                      0x011448be
                                      0x011448c1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x011448c3
                                      0x011448c3
                                      0x011448c6
                                      0x011448c9
                                      0x011448cc
                                      0x011448d1
                                      0x011448d4
                                      0x00000000
                                      0x00000000
                                      0x011448d6
                                      0x011448d7
                                      0x011448da
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x011448da
                                      0x0114494f
                                      0x01144955
                                      0x01144959
                                      0x01144978
                                      0x0114497d
                                      0x0114495b
                                      0x01144970
                                      0x01144975
                                      0x01144986
                                      0x01144987
                                      0x0114498a
                                      0x0114498d
                                      0x01144997
                                      0x011447ef
                                      0x011447ef
                                      0x011447ef
                                      0x00000000
                                      0x011447ef
                                      0x01144890
                                      0x01144890
                                      0x01144891
                                      0x01144891
                                      0x01144894
                                      0x01144897
                                      0x0114489d
                                      0x011448a0
                                      0x00000000
                                      0x00000000
                                      0x011448a2
                                      0x011448a3
                                      0x011448a6
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x011448a6
                                      0x011448fb
                                      0x01144901
                                      0x01144905
                                      0x01144924
                                      0x01144929
                                      0x01144907
                                      0x0114491c
                                      0x01144921
                                      0x0114492f
                                      0x01144935
                                      0x01144936
                                      0x01144939
                                      0x01144942
                                      0x00000000
                                      0x01144947
                                      0x01144835
                                      0x0114483b
                                      0x0114483f
                                      0x0114485e
                                      0x01144863
                                      0x01144841
                                      0x01144856
                                      0x0114485b
                                      0x01144869
                                      0x0114486c
                                      0x0114486f
                                      0x011447e7
                                      0x011447e7
                                      0x00000000
                                      0x011447ec
                                      0x011447aa
                                      0x011447b0
                                      0x011447b4
                                      0x011447d3
                                      0x011447d8
                                      0x011447b6
                                      0x011447cb
                                      0x011447d0
                                      0x011447de
                                      0x011447df
                                      0x011447e2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0114476f
                                      0x0114476f
                                      0x01144778
                                      0x01144785
                                      0x01144787
                                      0x0114478c
                                      0x0114478e
                                      0x00000000
                                      0x00000000
                                      0x01144790
                                      0x01144792
                                      0x01144794
                                      0x00000000
                                      0x00000000
                                      0x01144796
                                      0x01144799
                                      0x00000000
                                      0x01144799
                                      0x00000000
                                      0x011445c3
                                      0x011445c3
                                      0x011445c7
                                      0x011445c7
                                      0x011445ca
                                      0x011445cf
                                      0x011445d3
                                      0x011445df
                                      0x011445e4
                                      0x011445e6
                                      0x011445e8
                                      0x011445ed
                                      0x011445ed
                                      0x011445f2
                                      0x011445f2
                                      0x011445f7
                                      0x011445fc
                                      0x01144602
                                      0x01144606
                                      0x01144609
                                      0x0114460f
                                      0x011446de
                                      0x011446e3
                                      0x011446e5
                                      0x011446ec
                                      0x011446ee
                                      0x011446f6
                                      0x011446f6
                                      0x011446f6
                                      0x011446f6
                                      0x011446ec
                                      0x01144615
                                      0x01144615
                                      0x0114461d
                                      0x0114462e
                                      0x0114462e
                                      0x0114461d
                                      0x0114460f
                                      0x01144609
                                      0x011446fd
                                      0x00000000
                                      0x00000000
                                      0x01144710
                                      0x0114471a
                                      0x01144720
                                      0x01144720
                                      0x01144722
                                      0x0114472c
                                      0x00000000
                                      0x0114472e
                                      0x0114472e
                                      0x00000000
                                      0x0114472e
                                      0x0114472c
                                      0x01144738
                                      0x0114473c
                                      0x0114474b
                                      0x01144751
                                      0x01144751
                                      0x00000000
                                      0x0114473c
                                      0x011448f4
                                      0x011448f4
                                      0x00000000
                                      0x011448f4

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                      • API String ID: 0-1357697941
                                      • Opcode ID: 8d741495062482d9eebb00d306357c95242abf66065741d84c2815c0da469d58
                                      • Instruction ID: 517b7839de64563f4a60fdf6b069822f1915b2863b84131ed32eb37d6fbb4d33
                                      • Opcode Fuzzy Hash: 8d741495062482d9eebb00d306357c95242abf66065741d84c2815c0da469d58
                                      • Instruction Fuzzy Hash: 3CF15831A00646DFDB29DFA9C490BBAFBF5FF49B04F148019E1869BA41D730A946CF51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E010AA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1178a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E010AA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E010ADF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E01089373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E0108A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1178748 - 1;
						if( *0x1178748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E0108B150();
								__eflags =  *0x1177bc8;
								if( *0x1177bc8 == 0) {
									__eflags = 1;
									E01142073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1178748 - 1;
							if( *0x1178748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E010B174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E010A7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E011414FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E01089373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E01089819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1178748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E0108B150();
											} else {
												E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E0108B150();
											_pop(_t491);
											__eflags =  *0x1177bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01142073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0114A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E010AA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E010A7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E010A7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01141411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E010A7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E010A7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1178748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E0108B150();
							} else {
								E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E0108B150();
							__eflags =  *0x1177bc8;
							if( *0x1177bc8 == 0) {
								__eflags = 0;
								E01142073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1178748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E0108B150();
												} else {
													E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E0108B150();
												__eflags =  *0x1177bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01142073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0114A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E010AA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E010AB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E010AA830(_t553, _v64, _v24);
								_t286 = E010A7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E010A7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01141411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E010A7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E010A7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01141411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E010B174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E010AB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E010A7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E011414FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E010A99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E010AA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E010BABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                      0x010aa309
                                      0x010aa316
                                      0x010aa319
                                      0x010aa31d
                                      0x010aa32d
                                      0x010aa331
                                      0x010f1e0d
                                      0x010f1e10
                                      0x010aa3cb
                                      0x010aa3cb
                                      0x010aa3bd
                                      0x010aa3c3
                                      0x010aa3c3
                                      0x010aa33a
                                      0x010f1e17
                                      0x010f1e1b
                                      0x010f1e1d
                                      0x010f1e2f
                                      0x010f1e34
                                      0x010f1e36
                                      0x010f1e3c
                                      0x010f1e3c
                                      0x010f1e3c
                                      0x010f1e3c
                                      0x010f1e36
                                      0x010f1e42
                                      0x010f1e45
                                      0x010f1e47
                                      0x010aa3f8
                                      0x010aa3f8
                                      0x010aa3fb
                                      0x010aa3fd
                                      0x010f1e50
                                      0x010aa403
                                      0x010aa411
                                      0x010aa411
                                      0x010aa411
                                      0x010aa41e
                                      0x010aa420
                                      0x010aa424
                                      0x010aa427
                                      0x010aa7c9
                                      0x010aa7cd
                                      0x010aa7d2
                                      0x010aa7d9
                                      0x010aa7e0
                                      0x010aa7e3
                                      0x010aa7ed
                                      0x010aa7f3
                                      0x010aa7f9
                                      0x010aa7ff
                                      0x010aa802
                                      0x010aa807
                                      0x010aa809
                                      0x010aa809
                                      0x010aa809
                                      0x010aa80f
                                      0x010aa80f
                                      0x010aa812
                                      0x010aa81c
                                      0x010aa821
                                      0x010aa824
                                      0x010aa42d
                                      0x010aa42d
                                      0x010aa42d
                                      0x010aa42d
                                      0x010aa42d
                                      0x010aa436
                                      0x010aa43a
                                      0x010aa609
                                      0x010aa60d
                                      0x010aa612
                                      0x010aa616
                                      0x010aa61a
                                      0x010f1e57
                                      0x010f1e59
                                      0x00000000
                                      0x00000000
                                      0x010f1e5f
                                      0x010aa620
                                      0x010aa627
                                      0x010f1e64
                                      0x010f1e66
                                      0x010f1e6c
                                      0x010f1e72
                                      0x010f1e76
                                      0x010f1e95
                                      0x010f1e9a
                                      0x010f1e78
                                      0x010f1e8d
                                      0x010f1e92
                                      0x010f1ea0
                                      0x010f1ea5
                                      0x010f1eaa
                                      0x010f1eb2
                                      0x010f1eb6
                                      0x010f1eb9
                                      0x010f1eb9
                                      0x010f1ebe
                                      0x010f1ec2
                                      0x010f1ec2
                                      0x010f1e66
                                      0x010aa62d
                                      0x010aa633
                                      0x010aa636
                                      0x010aa63a
                                      0x010aa63c
                                      0x010aa640
                                      0x010aa642
                                      0x010aa644
                                      0x010aa644
                                      0x010aa644
                                      0x010aa64d
                                      0x010aa64d
                                      0x010aa651
                                      0x010aa655
                                      0x010f1eca
                                      0x010f1ed1
                                      0x00000000
                                      0x00000000
                                      0x010f1ed7
                                      0x00000000
                                      0x010aa65b
                                      0x010aa669
                                      0x010aa66e
                                      0x010aa670
                                      0x00000000
                                      0x00000000
                                      0x010aa676
                                      0x010aa67b
                                      0x010aa680
                                      0x010aa682
                                      0x010f1f1a
                                      0x010aa688
                                      0x010aa688
                                      0x010aa688
                                      0x010aa68a
                                      0x010aa68d
                                      0x010f1f24
                                      0x010f1f2a
                                      0x010f1f31
                                      0x010f1f43
                                      0x010f1f43
                                      0x010f1f31
                                      0x010aa693
                                      0x010aa697
                                      0x010aa69d
                                      0x010aa6a0
                                      0x010aa6a6
                                      0x010aa6a8
                                      0x010aa6a8
                                      0x010aa6a8
                                      0x010aa6a8
                                      0x010aa6b2
                                      0x010aa6b7
                                      0x010aa6c1
                                      0x010aa6c6
                                      0x010aa6d2
                                      0x010aa6d9
                                      0x010aa6e3
                                      0x010aa6e6
                                      0x010aa6eb
                                      0x010aa6ed
                                      0x010aa6ed
                                      0x010aa6ed
                                      0x010aa6ed
                                      0x010aa6f3
                                      0x010aa6f8
                                      0x010aa702
                                      0x010aa70a
                                      0x010aa70e
                                      0x010aa71a
                                      0x010aa71e
                                      0x010f1fcb
                                      0x010f1fcf
                                      0x010f1fdd
                                      0x010f1fe3
                                      0x010f1fe3
                                      0x010aa724
                                      0x010aa728
                                      0x010aa72a
                                      0x010aa72d
                                      0x010aa737
                                      0x010aa73a
                                      0x010aa73c
                                      0x010aa742
                                      0x010aa748
                                      0x010f1f4d
                                      0x010f1f50
                                      0x010f1f56
                                      0x010f1f5c
                                      0x010f1f5f
                                      0x010f1f7e
                                      0x010f1f83
                                      0x010f1f61
                                      0x010f1f76
                                      0x010f1f7b
                                      0x010f1f89
                                      0x010f1f8e
                                      0x010f1f93
                                      0x010f1f94
                                      0x010f1f9a
                                      0x010f1f9c
                                      0x010f1f9e
                                      0x010f1fa1
                                      0x010f1fa1
                                      0x010f1fa6
                                      0x010f1fa6
                                      0x010f1f50
                                      0x010aa74e
                                      0x010aa751
                                      0x010aa754
                                      0x010aa75d
                                      0x010aa75e
                                      0x010aa762
                                      0x010aa767
                                      0x010f1faf
                                      0x010f1fb0
                                      0x010f1fb9
                                      0x010f1fbe
                                      0x010f1fc2
                                      0x010f1fc2
                                      0x010aa76d
                                      0x010aa76d
                                      0x010aa775
                                      0x010aa778
                                      0x010aa77d
                                      0x010aa77d
                                      0x010aa71e
                                      0x010aa782
                                      0x010aa787
                                      0x010aa789
                                      0x010f1ff3
                                      0x010aa78f
                                      0x010aa78f
                                      0x010aa78f
                                      0x010aa791
                                      0x010aa794
                                      0x010f1ffd
                                      0x010f2006
                                      0x010f200c
                                      0x010f2017
                                      0x010f2019
                                      0x010f2024
                                      0x010f2024
                                      0x010f2024
                                      0x010f2047
                                      0x010f2047
                                      0x010f200c
                                      0x010aa79a
                                      0x010aa79f
                                      0x010aa7a4
                                      0x010aa7a9
                                      0x010aa7ab
                                      0x010f205a
                                      0x010aa7b1
                                      0x010aa7b1
                                      0x010aa7b1
                                      0x010aa7b3
                                      0x010aa7b6
                                      0x00000000
                                      0x010aa7bc
                                      0x010f2066
                                      0x010f2068
                                      0x010f2073
                                      0x010f2073
                                      0x010f2073
                                      0x010f2078
                                      0x010f2079
                                      0x010f207d
                                      0x00000000
                                      0x010f207d
                                      0x010aa7b6
                                      0x010aa440
                                      0x010aa440
                                      0x010aa440
                                      0x010aa446
                                      0x010aa44c
                                      0x010aa44f
                                      0x010aa453
                                      0x010aa455
                                      0x010f20b3
                                      0x010f20b9
                                      0x010f20b9
                                      0x010aa45d
                                      0x010aa460
                                      0x010aa464
                                      0x010aa466
                                      0x010aa46b
                                      0x010aa46f
                                      0x010aa471
                                      0x010aa471
                                      0x010aa471
                                      0x010aa474
                                      0x010aa479
                                      0x010aa47d
                                      0x010aa47f
                                      0x010f2229
                                      0x010f222f
                                      0x010aa3c8
                                      0x010aa3c8
                                      0x010aa3ca
                                      0x010aa3ca
                                      0x00000000
                                      0x010aa3ca
                                      0x010f2235
                                      0x010f223a
                                      0x010f223a
                                      0x00000000
                                      0x00000000
                                      0x010f2240
                                      0x010f2246
                                      0x010f224a
                                      0x010f2269
                                      0x010f226e
                                      0x010f224c
                                      0x010f2261
                                      0x010f2266
                                      0x010f2274
                                      0x010f2279
                                      0x010f227e
                                      0x010f2286
                                      0x010f2288
                                      0x010f228d
                                      0x010f228d
                                      0x010f2292
                                      0x010f2292
                                      0x010f2295
                                      0x010f2295
                                      0x00000000
                                      0x010f2295
                                      0x010aa485
                                      0x010aa489
                                      0x010aa48b
                                      0x010aa48f
                                      0x010aa493
                                      0x010aa497
                                      0x010aa49b
                                      0x010aa4bb
                                      0x010aa4bb
                                      0x010aa4bd
                                      0x010aa4ff
                                      0x010aa4ff
                                      0x010aa501
                                      0x010aa505
                                      0x010aa50f
                                      0x010aa517
                                      0x010aa51b
                                      0x010aa527
                                      0x010aa52b
                                      0x010f2182
                                      0x010f2185
                                      0x010f2193
                                      0x010f2199
                                      0x010f2199
                                      0x010aa531
                                      0x010aa535
                                      0x010aa538
                                      0x010aa548
                                      0x010aa54b
                                      0x010aa54d
                                      0x010aa553
                                      0x010aa559
                                      0x010f2100
                                      0x010f2103
                                      0x010f2109
                                      0x010f210f
                                      0x010f2112
                                      0x010f2131
                                      0x010f2136
                                      0x010f2114
                                      0x010f2129
                                      0x010f212e
                                      0x010f213c
                                      0x010f2141
                                      0x010f2147
                                      0x010f214d
                                      0x010f2151
                                      0x010f2154
                                      0x010f2154
                                      0x010f2159
                                      0x010f2159
                                      0x010f2103
                                      0x010aa55f
                                      0x010aa562
                                      0x010aa565
                                      0x010aa567
                                      0x010f2162
                                      0x010aa56d
                                      0x010aa574
                                      0x010aa575
                                      0x010aa579
                                      0x010aa57e
                                      0x010f2169
                                      0x010f216a
                                      0x010f2170
                                      0x010f2175
                                      0x010f2179
                                      0x010f2179
                                      0x010aa57e
                                      0x010aa584
                                      0x010aa58f
                                      0x010aa58f
                                      0x010aa52b
                                      0x010aa5ad
                                      0x010aa5bc
                                      0x010aa5c1
                                      0x010aa5c6
                                      0x010aa5cb
                                      0x010aa5cd
                                      0x010f21a9
                                      0x010aa5d3
                                      0x010aa5d3
                                      0x010aa5d3
                                      0x010aa5d5
                                      0x010aa5d8
                                      0x010f21b3
                                      0x010f21bc
                                      0x010f21c2
                                      0x010f21cd
                                      0x010f21cf
                                      0x010f21da
                                      0x010f21da
                                      0x010f21da
                                      0x010f21f7
                                      0x010f21f7
                                      0x010f21c2
                                      0x010aa5de
                                      0x010aa5e3
                                      0x010aa5e8
                                      0x010aa5ea
                                      0x010f220a
                                      0x010aa5f0
                                      0x010aa5f0
                                      0x010aa5f0
                                      0x010aa5f2
                                      0x010aa5f5
                                      0x010f2219
                                      0x010f221b
                                      0x010f208c
                                      0x010f208c
                                      0x010f208c
                                      0x010f2095
                                      0x010f2096
                                      0x010f2097
                                      0x010f2098
                                      0x010f20a4
                                      0x010f20a5
                                      0x010f20a9
                                      0x010f20a9
                                      0x00000000
                                      0x010aa5f5
                                      0x010aa4bf
                                      0x010aa4d3
                                      0x010aa4d8
                                      0x010aa4da
                                      0x010f1ede
                                      0x010f1ede
                                      0x010f1ee4
                                      0x010f1ee9
                                      0x00000000
                                      0x00000000
                                      0x010f1f07
                                      0x00000000
                                      0x010f1f07
                                      0x010aa4e0
                                      0x010aa4e5
                                      0x010aa4e7
                                      0x010f20cb
                                      0x010aa4ed
                                      0x010aa4ed
                                      0x010aa4ed
                                      0x010aa4f2
                                      0x010aa4f5
                                      0x010f20d5
                                      0x010f20de
                                      0x010f20e4
                                      0x010f20f6
                                      0x010f20f6
                                      0x010f20e4
                                      0x010aa4fb
                                      0x00000000
                                      0x010aa4fb
                                      0x010aa4a1
                                      0x010aa4a4
                                      0x010aa4a8
                                      0x00000000
                                      0x00000000
                                      0x010aa4aa
                                      0x010aa4ac
                                      0x00000000
                                      0x00000000
                                      0x010aa4b2
                                      0x010aa4b5
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010aa4b5
                                      0x010aa43a
                                      0x010aa340
                                      0x010aa346
                                      0x010aa600
                                      0x00000000
                                      0x010aa600
                                      0x010aa34f
                                      0x010aa351
                                      0x010aa358
                                      0x010aa3c6
                                      0x00000000
                                      0x010aa371
                                      0x010aa37a
                                      0x010aa37f
                                      0x010aa382
                                      0x010aa384
                                      0x010aa394
                                      0x00000000
                                      0x010aa396
                                      0x010aa399
                                      0x010aa3a7
                                      0x010aa3b0
                                      0x010aa3b4
                                      0x010aa3bb
                                      0x010aa3d2
                                      0x010aa3da
                                      0x010aa3df
                                      0x010aa3e1
                                      0x010aa3e5
                                      0x010aa3ea
                                      0x010aa3f0
                                      0x010aa3f0
                                      0x010aa3e1
                                      0x00000000
                                      0x010aa3bb
                                      0x010aa394

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-523794902
                                      • Opcode ID: f1c48ca958f8ed7403a2821a016578063e8bcadd9899ecdaeb57a0d45d00de50
                                      • Instruction ID: be1e3c54de47221d2f00f125e298f3cd3d2e54a0c0a02516c025970560795799
                                      • Opcode Fuzzy Hash: f1c48ca958f8ed7403a2821a016578063e8bcadd9899ecdaeb57a0d45d00de50
                                      • Instruction Fuzzy Hash: 79420D31608382DFD715DF68C884A6ABBE5FF88604F4889ADF5C68B392D734D981CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AB477 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 405COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E010AB477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x117d360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E010AB8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E010CB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x1178748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E0108B150();
						} else {
							E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E0108B150();
						__eflags =  *0x1177bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E01142073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x1178a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x117b1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E010C9730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E0114A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E010C9660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E0114138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E0113FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E0114A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E0114A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E010A7D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E01141582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E010A7D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E01141582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E010AB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E010ABC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E0114A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                      0x010ab486
                                      0x010ab48a
                                      0x010ab48e
                                      0x010ab491
                                      0x010ab493
                                      0x010ab49a
                                      0x010ab49c
                                      0x010ab4a2
                                      0x010ab4a7
                                      0x010ab6fc
                                      0x010ab6fc
                                      0x010ab6b3
                                      0x010ab6c3
                                      0x010ab6c3
                                      0x010ab4b4
                                      0x010f294f
                                      0x010f2951
                                      0x010f2957
                                      0x010f295d
                                      0x010f2961
                                      0x010f2980
                                      0x010f2985
                                      0x010f2963
                                      0x010f2978
                                      0x010f297d
                                      0x010f298b
                                      0x010f2990
                                      0x010f2995
                                      0x010f299d
                                      0x010f29a1
                                      0x010f29a2
                                      0x010f29a2
                                      0x010f29a7
                                      0x010f29a7
                                      0x010f2951
                                      0x010ab4ba
                                      0x010ab4ba
                                      0x010ab4bd
                                      0x010ab4c2
                                      0x010ab6d4
                                      0x010ab4c8
                                      0x010ab4c8
                                      0x010ab4c8
                                      0x010ab4cd
                                      0x010ab4d0
                                      0x010ab4d9
                                      0x010ab4df
                                      0x010ab4e2
                                      0x010f29b7
                                      0x010f29bd
                                      0x00000000
                                      0x010ab4e8
                                      0x010ab4e8
                                      0x010ab4ef
                                      0x010ab4fa
                                      0x010ab703
                                      0x010ab709
                                      0x010ab70b
                                      0x010ab711
                                      0x010ab711
                                      0x010ab70b
                                      0x010ab503
                                      0x010ab50c
                                      0x010ab511
                                      0x010ab514
                                      0x010ab519
                                      0x010f29c5
                                      0x010f29c7
                                      0x010f29cc
                                      0x010f29cd
                                      0x010f29cf
                                      0x010f29d0
                                      0x010f29d2
                                      0x010f29d7
                                      0x010f29d9
                                      0x010f29ee
                                      0x010f29ee
                                      0x010f29f4
                                      0x010f29fa
                                      0x010f2a01
                                      0x00000000
                                      0x010f2a01
                                      0x010f29db
                                      0x010f29df
                                      0x00000000
                                      0x00000000
                                      0x010f29e1
                                      0x010f29e4
                                      0x00000000
                                      0x00000000
                                      0x010f29e6
                                      0x010f29e6
                                      0x010ab51f
                                      0x010ab51f
                                      0x010ab520
                                      0x010ab525
                                      0x010ab52b
                                      0x010ab52d
                                      0x010ab52e
                                      0x010ab530
                                      0x010ab535
                                      0x010ab53b
                                      0x010ab53d
                                      0x010f2a07
                                      0x00000000
                                      0x010f2a07
                                      0x010ab549
                                      0x010ab54e
                                      0x010f2a12
                                      0x010f2a15
                                      0x00000000
                                      0x00000000
                                      0x010f2a24
                                      0x010ab559
                                      0x010ab55c
                                      0x010f2a34
                                      0x010f2a3b
                                      0x010f2a4d
                                      0x010f2a4d
                                      0x010f2a3b
                                      0x010ab566
                                      0x010ab56b
                                      0x010ab56f
                                      0x010ab57b
                                      0x010ab582
                                      0x010f2a57
                                      0x010f2a5c
                                      0x010f2a5c
                                      0x010ab582
                                      0x010ab58b
                                      0x010ab58e
                                      0x010ab592
                                      0x010ab596
                                      0x010ab599
                                      0x010ab59b
                                      0x010ab59e
                                      0x010ab5a3
                                      0x010ab5a6
                                      0x010ab5a9
                                      0x010f2a66
                                      0x010f2a67
                                      0x010f2a73
                                      0x010f2a78
                                      0x010ab5b8
                                      0x010ab5b8
                                      0x010ab5bb
                                      0x010ab5bd
                                      0x010ab5bd
                                      0x010ab5c4
                                      0x010ab5f7
                                      0x010ab5f7
                                      0x010ab600
                                      0x010ab606
                                      0x010ab60c
                                      0x010ab612
                                      0x010ab618
                                      0x010ab621
                                      0x010ab623
                                      0x010ab629
                                      0x010ab629
                                      0x010ab62c
                                      0x010ab62f
                                      0x010ab633
                                      0x010ab636
                                      0x010ab639
                                      0x010ab71d
                                      0x010ab720
                                      0x010ab736
                                      0x010ab660
                                      0x010ab660
                                      0x010ab662
                                      0x010ab665
                                      0x010ab66a
                                      0x010ab6e6
                                      0x010ab6e7
                                      0x010ab6ea
                                      0x010ab6ef
                                      0x010f2ad1
                                      0x010f2ad2
                                      0x010f2ad8
                                      0x010f2add
                                      0x010f2add
                                      0x010ab6f5
                                      0x010ab6f5
                                      0x010ab672
                                      0x010ab675
                                      0x010ab67a
                                      0x010f2ae5
                                      0x010f2ae8
                                      0x00000000
                                      0x00000000
                                      0x010f2af4
                                      0x010f2afc
                                      0x00000000
                                      0x010ab680
                                      0x010ab680
                                      0x010ab680
                                      0x010ab685
                                      0x010ab687
                                      0x010ab68a
                                      0x010f2b06
                                      0x010f2b0c
                                      0x010f2b13
                                      0x010f2b1e
                                      0x010f2b20
                                      0x010f2b2b
                                      0x010f2b2b
                                      0x010f2b2b
                                      0x010f2b34
                                      0x010f2b45
                                      0x010f2b45
                                      0x010f2b13
                                      0x010ab696
                                      0x010ab69b
                                      0x010ab6a0
                                      0x010f2b4f
                                      0x010f2b52
                                      0x00000000
                                      0x00000000
                                      0x010f2b61
                                      0x00000000
                                      0x010ab6a6
                                      0x010ab6a6
                                      0x010ab6a6
                                      0x010ab6a8
                                      0x010ab6ab
                                      0x010f2b70
                                      0x010f2b72
                                      0x010f2b7d
                                      0x010f2b7d
                                      0x010f2b7d
                                      0x010f2b86
                                      0x010f2b97
                                      0x010f2b97
                                      0x010ab6b1
                                      0x00000000
                                      0x010ab6b1
                                      0x010ab6a0
                                      0x010ab67a
                                      0x010ab722
                                      0x010ab722
                                      0x010ab655
                                      0x010ab65d
                                      0x00000000
                                      0x010ab5c6
                                      0x010ab5c6
                                      0x010ab5ce
                                      0x010f2a83
                                      0x010f2a97
                                      0x010f2a97
                                      0x010f2a9a
                                      0x00000000
                                      0x00000000
                                      0x010f2a88
                                      0x010f2a8a
                                      0x010f2a8c
                                      0x010f2a8f
                                      0x010f2a92
                                      0x010f2aa1
                                      0x010f2aa1
                                      0x010f2aa2
                                      0x010f2aab
                                      0x010f2ab0
                                      0x00000000
                                      0x010f2ab0
                                      0x010f2a94
                                      0x010f2a94
                                      0x00000000
                                      0x010f2a9c
                                      0x010ab5d4
                                      0x010ab5d4
                                      0x010ab5d6
                                      0x010ab5d9
                                      0x010ab5de
                                      0x010ab5e1
                                      0x010ab5e4
                                      0x010f2ab8
                                      0x010f2ab9
                                      0x010f2ac4
                                      0x010f2ac9
                                      0x010ab5f2
                                      0x010ab5f2
                                      0x010ab5f4
                                      0x010ab5f4
                                      0x00000000
                                      0x010ab5e4
                                      0x010ab5c4
                                      0x010ab554
                                      0x010ab554
                                      0x00000000
                                      0x010ab554

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-4253913091
                                      • Opcode ID: 954c791b4bea5ace32bcb02fbfa60cf4f5a2b91b8196ffb67cfa5445c03f2d42
                                      • Instruction ID: b9aa8ad9cd5215e2d7b0d6c19daadeecd395c633c5ffe662d41a4356c374ae26
                                      • Opcode Fuzzy Hash: 954c791b4bea5ace32bcb02fbfa60cf4f5a2b91b8196ffb67cfa5445c03f2d42
                                      • Instruction Fuzzy Hash: 74E199706002069FDB19CFA8C895BBEBBF5FF48704F1481A9E5929B791D734E981CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01082FB0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 262timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E01082FB0(intOrPtr* _a4) {
				signed int _v8;
				void* _v36;
				void* _v62;
				void* _v68;
				void* _v72;
				signed int _v96;
				void* _v98;
				char _v100;
				void* _v104;
				void* _v108;
				void* _v112;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t62;
				intOrPtr _t64;
				signed int* _t83;
				signed int _t84;
				signed int _t88;
				char* _t89;
				char _t93;
				void* _t99;
				signed int* _t102;
				intOrPtr _t103;
				void* _t104;
				signed int* _t107;
				signed int _t108;
				char* _t115;
				signed int _t118;
				signed int _t124;
				void* _t125;
				void* _t126;
				signed int _t127;
				intOrPtr* _t128;
				void* _t135;
				intOrPtr _t137;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				intOrPtr* _t164;
				void* _t167;
				signed int* _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t174;

				_t174 = (_t172 & 0xfffffff8) - 0x64;
				_v8 =  *0x117d360 ^ _t174;
				_push(_t125);
				_t159 = _a4;
				if(_t159 == 0) {
					__eflags =  *0x1178748 - 2;
					if( *0x1178748 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E0108B150();
						} else {
							E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E0108B150();
						__eflags =  *0x1177bc8;
						if(__eflags == 0) {
							_t135 = 2;
							E01142073(_t125, _t135, _t159, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t160);
					_pop(_t162);
					_pop(_t126);
					return E010CB640(_t62, _t126, _v8 ^ _t174, _t155, _t160, _t162);
				}
				if( *((intOrPtr*)(_t159 + 8)) == 0xddeeddee) {
					_t137 =  *[fs:0x30];
					__eflags = _t159 -  *((intOrPtr*)(_t137 + 0x18));
					if(_t159 ==  *((intOrPtr*)(_t137 + 0x18))) {
						L30:
						_t62 = _t159;
						goto L27;
					}
					_t138 =  *(_t159 + 0x20);
					__eflags =  *(_t159 + 0x20);
					if( *(_t159 + 0x20) != 0) {
						_t155 = _t159;
						E0112CB1E(_t138, _t159, 0, 8, 0);
					}
					E010831B0(_t125, _t159, _t155);
					E0114274F(_t159);
					_t155 = 1;
					E010B1249(_t159, 1, 0, 0);
					E0114B581(_t159);
					goto L26;
				}
				if(( *(_t159 + 0x44) & 0x01000000) != 0) {
					_t164 =  *0x1175718; // 0x0
					 *0x117b1e0(_t159);
					_t62 =  *_t164();
					goto L27;
				}
				_t144 =  *((intOrPtr*)(_t159 + 0x58));
				if( *((intOrPtr*)(_t159 + 0x58)) != 0) {
					_t155 = _t159;
					E0112CB1E(_t144, _t159, 0, 8, 0);
				}
				E010831B0(_t125, _t159, _t155);
				if(( *(_t159 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t159 + 0x40) & 0x10000000;
					if(( *(_t159 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t124 = E01143518(_t159);
					__eflags = _t124;
					if(_t124 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t159 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						_t155 = 1;
						E010B1249(_t159, 1, 0, 0);
						_t83 = _t159 + 0x9c;
						_t127 =  *_t83;
						while(_t83 != _t127) {
							_t84 = _t127;
							_t155 =  &_v96;
							_t127 =  *_t127;
							_v96 = _t84 & 0xffff0000;
							_v100 = 0;
							E010B174B( &_v96,  &_v100, 0x8000);
							_t88 = E010A7D50();
							__eflags = _t88;
							if(_t88 == 0) {
								_t89 = 0x7ffe0388;
							} else {
								_t89 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t89;
							if(__eflags != 0) {
								_t155 = _v96;
								E0113FE3F(_t127, _t159, _v96, _v100);
							}
							_t83 = _t159 + 0x9c;
						}
						if( *((char*)(_t159 + 0xda)) == 2) {
							_t93 =  *((intOrPtr*)(_t159 + 0xd4));
						} else {
							_t93 = 0;
						}
						if(_t93 != 0) {
							 *((intOrPtr*)(_t174 + 0x1c)) = _t93;
							_t155 = _t174 + 0x1c;
							 *((intOrPtr*)(_t174 + 0x1c)) = 0;
							E010B174B(_t174 + 0x1c, _t174 + 0x1c, 0x8000);
						}
						_t128 = _t159 + 0x88;
						if( *_t128 != 0) {
							 *((intOrPtr*)(_t174 + 0x24)) = 0;
							_t155 = _t128;
							E010B174B(_t128, _t174 + 0x24, 0x8000);
							 *_t128 = 0;
						}
						if(( *(_t159 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t159 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t167 =  *((intOrPtr*)(_t159 + 0xa8)) - 0x10;
						E01083138(_t167);
						if(_t167 != _t159) {
							goto L16;
						} else {
							_t99 = E010A7D50();
							_t168 = 0x7ffe0380;
							if(_t99 != 0) {
								_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t102 = 0x7ffe0380;
							}
							if( *_t102 != 0) {
								_t103 =  *[fs:0x30];
								__eflags =  *(_t103 + 0x240) & 0x00000001;
								if(( *(_t103 + 0x240) & 0x00000001) != 0) {
									_t118 = E010A7D50();
									__eflags = _t118;
									if(_t118 != 0) {
										_t168 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t168;
									}
									 *((short*)(_t174 + 0x2a)) = 0x1023;
									_push(_t174 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t168 & 0x000000ff);
									 *((intOrPtr*)(_t174 + 0x54)) = _t159;
									E010C9AE0();
								}
							}
							_t104 = E010A7D50();
							_t169 = 0x7ffe038a;
							if(_t104 != 0) {
								_t107 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t107 = 0x7ffe038a;
							}
							if( *_t107 != 0) {
								_t108 = E010A7D50();
								__eflags = _t108;
								if(_t108 != 0) {
									_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t169;
								}
								 *((short*)(_t174 + 0x4e)) = 0x1023;
								_push(_t174 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t169 & 0x000000ff);
								 *((intOrPtr*)(_t174 + 0x78)) = _t159;
								E010C9AE0();
							}
							if(E010A7D50() != 0) {
								_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t115 = 0x7ffe0388;
							}
							if( *_t115 != 0) {
								E0113FDD3(_t159);
							}
							goto L26;
						}
					}
				}
			}


















































                                      0x01082fb8
                                      0x01082fc2
                                      0x01082fc6
                                      0x01082fc9
                                      0x01082fce
                                      0x010dfb7d
                                      0x010dfb84
                                      0x010dfb8a
                                      0x010dfb90
                                      0x010dfb94
                                      0x010dfbb3
                                      0x010dfbb8
                                      0x010dfb96
                                      0x010dfbab
                                      0x010dfbb0
                                      0x010dfbbe
                                      0x010dfbc3
                                      0x010dfbc8
                                      0x010dfbd0
                                      0x010dfbd8
                                      0x010dfbd9
                                      0x010dfbd9
                                      0x010dfbd0
                                      0x010830ea
                                      0x010830ea
                                      0x010830ec
                                      0x010830f0
                                      0x010830f1
                                      0x010830f2
                                      0x010830fd
                                      0x010830fd
                                      0x01082fdb
                                      0x010dfbe3
                                      0x010dfbea
                                      0x010dfbed
                                      0x0108312b
                                      0x0108312b
                                      0x00000000
                                      0x0108312b
                                      0x010dfbf3
                                      0x010dfbf8
                                      0x010dfbfa
                                      0x010dfc00
                                      0x010dfc02
                                      0x010dfc02
                                      0x010dfc09
                                      0x010dfc10
                                      0x010dfc1b
                                      0x010dfc1c
                                      0x010dfc23
                                      0x00000000
                                      0x010dfc23
                                      0x01082fe8
                                      0x010dfc2d
                                      0x010dfc36
                                      0x010dfc3c
                                      0x00000000
                                      0x010dfc3c
                                      0x01082fee
                                      0x01082ff5
                                      0x010dfc47
                                      0x010dfc49
                                      0x010dfc49
                                      0x01082ffd
                                      0x01083009
                                      0x010dfc53
                                      0x010dfc5a
                                      0x00000000
                                      0x00000000
                                      0x010dfc62
                                      0x010dfc67
                                      0x010dfc69
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0108300f
                                      0x0108300f
                                      0x01083018
                                      0x00000000
                                      0x0108301e
                                      0x01083024
                                      0x01083025
                                      0x0108302a
                                      0x01083030
                                      0x01083032
                                      0x010dfc74
                                      0x010dfc76
                                      0x010dfc7a
                                      0x010dfc81
                                      0x010dfc8f
                                      0x010dfc93
                                      0x010dfc98
                                      0x010dfc9d
                                      0x010dfc9f
                                      0x010dfcb1
                                      0x010dfca1
                                      0x010dfcaa
                                      0x010dfcaa
                                      0x010dfcb6
                                      0x010dfcb9
                                      0x010dfcbf
                                      0x010dfcc5
                                      0x010dfcc5
                                      0x010dfcca
                                      0x010dfcca
                                      0x01083041
                                      0x01083100
                                      0x01083047
                                      0x01083047
                                      0x01083047
                                      0x0108304b
                                      0x0108310b
                                      0x0108310f
                                      0x0108311c
                                      0x01083121
                                      0x01083121
                                      0x01083051
                                      0x01083059
                                      0x010dfcde
                                      0x010dfce3
                                      0x010dfce5
                                      0x010dfcea
                                      0x010dfcea
                                      0x01083063
                                      0x01083075
                                      0x01083075
                                      0x00000000
                                      0x0108307b
                                      0x01083081
                                      0x01083086
                                      0x0108308d
                                      0x00000000
                                      0x0108308f
                                      0x0108308f
                                      0x01083094
                                      0x010830a0
                                      0x010dfcfa
                                      0x010830a6
                                      0x010830a6
                                      0x010830a6
                                      0x010830ab
                                      0x010dfd01
                                      0x010dfd07
                                      0x010dfd0e
                                      0x010dfd14
                                      0x010dfd19
                                      0x010dfd1b
                                      0x010dfd26
                                      0x010dfd26
                                      0x010dfd26
                                      0x010dfd2f
                                      0x010dfd38
                                      0x010dfd39
                                      0x010dfd3b
                                      0x010dfd43
                                      0x010dfd44
                                      0x010dfd48
                                      0x010dfd48
                                      0x010dfd0e
                                      0x010830b1
                                      0x010830b6
                                      0x010830c2
                                      0x010dfd5b
                                      0x010830c8
                                      0x010830c8
                                      0x010830c8
                                      0x010830cd
                                      0x010dfd62
                                      0x010dfd67
                                      0x010dfd69
                                      0x010dfd74
                                      0x010dfd74
                                      0x010dfd74
                                      0x010dfd7d
                                      0x010dfd86
                                      0x010dfd87
                                      0x010dfd89
                                      0x010dfd91
                                      0x010dfd92
                                      0x010dfd96
                                      0x010dfd96
                                      0x010830da
                                      0x010dfda9
                                      0x010830e0
                                      0x010830e0
                                      0x010830e0
                                      0x010830e8
                                      0x01083131
                                      0x01083131
                                      0x00000000
                                      0x010830e8
                                      0x0108308d
                                      0x01083018

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 3446177414-3610490719
                                      • Opcode ID: e5b80cf5ccc8004917684f63c0e5ce9b7bc15f8fb8ec2b37acd54ec9dea71ee6
                                      • Instruction ID: 68dee943dba6595a7096ea9bee6136f4b12b882565482b44f063f54910a5193e
                                      • Opcode Fuzzy Hash: e5b80cf5ccc8004917684f63c0e5ce9b7bc15f8fb8ec2b37acd54ec9dea71ee6
                                      • Instruction Fuzzy Hash: 9491D6717087429BD726FB28C4A4B6EB7E5BF84A00F048499F9C29B341DB75D846CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01093D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E01093D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01091B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01091B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01091B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01091B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01091B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = E010A4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E010CF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E010D1370(_t276, 0x1064e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E010CBB40(0,  &_v68, _t170);
									if(L010943C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E010CBB40(_t257,  &_v68, _t243);
								if(L010943C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E010D1370(_t278, 0x1064e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = E010A4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E010CF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E010D1370(_v16, 0x1064e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E010CBB40(_t262,  &_v68, _t244);
								if(L010943C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E010D1370(_t282, 0x1064e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E010CBB40(_t262,  &_v68, _t201);
							if(L010943C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = E010A4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E010CF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E010D1370(_t280, 0x1064e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E010CBB40(_t267,  &_v68, _t245);
							if(L010943C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E010D1370(_t284, 0x1064e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E010CBB40(_t267,  &_v68, _t224);
						if(L010943C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                      0x01093d3c
                                      0x01093d42
                                      0x01093d44
                                      0x01093d46
                                      0x01093d49
                                      0x01093d4c
                                      0x01093d4f
                                      0x01093d52
                                      0x01093d55
                                      0x01093d58
                                      0x01093d5b
                                      0x01093d5f
                                      0x01093d61
                                      0x01093d66
                                      0x010e8213
                                      0x010e8218
                                      0x01094085
                                      0x01094088
                                      0x0109408e
                                      0x01094094
                                      0x0109409a
                                      0x010940a0
                                      0x010940a6
                                      0x010940a9
                                      0x010940af
                                      0x010940b6
                                      0x010940bd
                                      0x010940bd
                                      0x01093d83
                                      0x010e821f
                                      0x010e8229
                                      0x010e8238
                                      0x010e8238
                                      0x010e823d
                                      0x010e823d
                                      0x01093da0
                                      0x01093daf
                                      0x01093db5
                                      0x01093dba
                                      0x01093dba
                                      0x01093dd4
                                      0x01093e94
                                      0x01093eab
                                      0x01093f6d
                                      0x01093f84
                                      0x0109406b
                                      0x0109406b
                                      0x0109406e
                                      0x0109406e
                                      0x01094070
                                      0x01094074
                                      0x010e8351
                                      0x010e8351
                                      0x0109407a
                                      0x0109407f
                                      0x010e835d
                                      0x010e8370
                                      0x010e8377
                                      0x010e8379
                                      0x010e837c
                                      0x010e837c
                                      0x010e835d
                                      0x00000000
                                      0x0109407f
                                      0x01093f8a
                                      0x01093f8d
                                      0x01093f90
                                      0x01093f95
                                      0x010e830d
                                      0x010e830f
                                      0x01093f9b
                                      0x01093fac
                                      0x01093fae
                                      0x01093fb1
                                      0x01093fb1
                                      0x01093fb6
                                      0x010e8317
                                      0x010e831a
                                      0x00000000
                                      0x01093fbc
                                      0x01093fc1
                                      0x01093fc9
                                      0x01093fd7
                                      0x01093fda
                                      0x01093fdd
                                      0x01094021
                                      0x01094021
                                      0x01094029
                                      0x01094030
                                      0x01094044
                                      0x01094046
                                      0x01094046
                                      0x01094044
                                      0x01094049
                                      0x010e8327
                                      0x010e8334
                                      0x010e8339
                                      0x010e833c
                                      0x0109404f
                                      0x0109404f
                                      0x0109404f
                                      0x01094051
                                      0x01094056
                                      0x01094063
                                      0x01094063
                                      0x01094068
                                      0x00000000
                                      0x01094068
                                      0x01093fdf
                                      0x01093fe2
                                      0x01093fe4
                                      0x01093fe7
                                      0x01093fef
                                      0x01094003
                                      0x01094005
                                      0x01094005
                                      0x0109400c
                                      0x01094013
                                      0x01094016
                                      0x01094017
                                      0x0109401b
                                      0x0109401e
                                      0x00000000
                                      0x0109401e
                                      0x01093fb6
                                      0x01093eb1
                                      0x01093eb4
                                      0x01093eb7
                                      0x01093ebc
                                      0x010e82a9
                                      0x010e82ab
                                      0x01093ec2
                                      0x01093ed3
                                      0x01093ed5
                                      0x01093ed8
                                      0x01093ed8
                                      0x01093edd
                                      0x010e82b3
                                      0x010e82b6
                                      0x00000000
                                      0x01093ee3
                                      0x01093ee8
                                      0x01093eed
                                      0x01093ef0
                                      0x01093ef3
                                      0x01093f02
                                      0x01093f05
                                      0x01093f08
                                      0x010e82c0
                                      0x010e82c3
                                      0x010e82c5
                                      0x010e82c8
                                      0x010e82d0
                                      0x010e82e4
                                      0x010e82e6
                                      0x010e82e6
                                      0x010e82ed
                                      0x010e82f4
                                      0x010e82f7
                                      0x010e82f8
                                      0x010e82fc
                                      0x010e82ff
                                      0x010e82ff
                                      0x01093f0e
                                      0x01093f11
                                      0x01093f16
                                      0x01093f1d
                                      0x01093f31
                                      0x010e8307
                                      0x010e8307
                                      0x01093f31
                                      0x01093f39
                                      0x01093f48
                                      0x01093f4d
                                      0x01093f50
                                      0x01093f50
                                      0x01093f53
                                      0x01093f58
                                      0x01093f65
                                      0x01093f65
                                      0x01093f6a
                                      0x00000000
                                      0x01093f6a
                                      0x01093edd
                                      0x01093dda
                                      0x01093ddd
                                      0x01093de0
                                      0x01093de5
                                      0x010e8245
                                      0x01093deb
                                      0x01093df7
                                      0x01093dfc
                                      0x01093dfe
                                      0x01093e01
                                      0x01093e01
                                      0x01093e06
                                      0x010e824d
                                      0x010e824f
                                      0x010e8254
                                      0x00000000
                                      0x01093e0c
                                      0x01093e11
                                      0x01093e16
                                      0x01093e19
                                      0x01093e29
                                      0x01093e2c
                                      0x01093e2f
                                      0x010e825c
                                      0x010e825f
                                      0x010e8261
                                      0x010e8264
                                      0x010e826c
                                      0x010e8280
                                      0x010e8282
                                      0x010e8282
                                      0x010e8289
                                      0x010e8290
                                      0x010e8293
                                      0x010e8294
                                      0x010e8298
                                      0x010e829b
                                      0x010e829b
                                      0x01093e35
                                      0x01093e38
                                      0x01093e3d
                                      0x01093e44
                                      0x01093e58
                                      0x010e82a3
                                      0x010e82a3
                                      0x01093e58
                                      0x01093e60
                                      0x01093e6f
                                      0x01093e74
                                      0x01093e77
                                      0x01093e77
                                      0x01093e7a
                                      0x01093e7f
                                      0x01093e8c
                                      0x01093e8c
                                      0x01093e91
                                      0x00000000
                                      0x01093e91

                                      Strings
                                      • Kernel-MUI-Language-Disallowed, xrefs: 01093E97
                                      • Kernel-MUI-Number-Allowed, xrefs: 01093D8C
                                      • Kernel-MUI-Language-SKU, xrefs: 01093F70
                                      • WindowsExcludedProcs, xrefs: 01093D6F
                                      • Kernel-MUI-Language-Allowed, xrefs: 01093DC0
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                      • API String ID: 0-258546922
                                      • Opcode ID: 39052018ebb987135edee40d9e246e09be492a5a29b032959801abc8367d9a76
                                      • Instruction ID: 9fe295880887fe1094f5349b00618418b347d9d27f9b0d0b606c681293524d60
                                      • Opcode Fuzzy Hash: 39052018ebb987135edee40d9e246e09be492a5a29b032959801abc8367d9a76
                                      • Instruction Fuzzy Hash: F6F15A72D00219EFCF11DFA9C990AEEBBF9BF48650F14406AE985E7250E7749E01DB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0115E824 Relevance: 6.5, APIs: 4, Instructions: 493timeCOMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 50%
                                      			E0115E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x117d360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L010AFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E010AFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x117b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E010A2280(E010CF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														E0109FFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x117b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return E010CB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E010BF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x117b1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x117b1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = E0115E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(E0115E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(E0115E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E010AFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = E0115E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                                      0x0115e833
                                      0x0115e839
                                      0x0115e83e
                                      0x0115e841
                                      0x0115e848
                                      0x0115e84b
                                      0x0115e851
                                      0x0115e8b2
                                      0x0115e8b2
                                      0x0115e8b5
                                      0x0115e90b
                                      0x0115e911
                                      0x0115e913
                                      0x0115e913
                                      0x0115e91a
                                      0x0115e91d
                                      0x0115e922
                                      0x0115e924
                                      0x0115e924
                                      0x0115e924
                                      0x0115e92f
                                      0x0115e933
                                      0x0115e935
                                      0x0115e93a
                                      0x0115e940
                                      0x0115e948
                                      0x0115e950
                                      0x0115e955
                                      0x00000000
                                      0x00000000
                                      0x0115e957
                                      0x0115e95c
                                      0x0115e9cb
                                      0x0115e9d2
                                      0x0115e9d4
                                      0x0115e9f2
                                      0x0115e9f6
                                      0x0115ea10
                                      0x0115ea18
                                      0x0115ea1a
                                      0x0115ea1f
                                      0x0115ea2c
                                      0x0115ea2d
                                      0x0115ea2e
                                      0x0115ea32
                                      0x0115ea3d
                                      0x0115ea42
                                      0x0115ea45
                                      0x0115ea51
                                      0x0115ea60
                                      0x0115ea65
                                      0x0115ea68
                                      0x0115ea6a
                                      0x0115ea6a
                                      0x0115ea6a
                                      0x0115ea6f
                                      0x0115ea76
                                      0x0115ea7c
                                      0x0115ea7e
                                      0x0115ea81
                                      0x0115ea85
                                      0x0115ea88
                                      0x0115ea8c
                                      0x0115ea8f
                                      0x0115ea93
                                      0x0115ea98
                                      0x00000000
                                      0x00000000
                                      0x0115ea9a
                                      0x0115ea9d
                                      0x0115eaa2
                                      0x0115eb0e
                                      0x0115eb15
                                      0x0115eb17
                                      0x0115eb33
                                      0x0115eb36
                                      0x0115eb39
                                      0x0115eb3f
                                      0x0115eb45
                                      0x0115eb4a
                                      0x0115eb52
                                      0x0115ecb1
                                      0x0115ecb9
                                      0x0115ecbe
                                      0x0115ecc3
                                      0x0115ecc6
                                      0x0115eceb
                                      0x0115ecee
                                      0x0115ecf9
                                      0x0115ecfe
                                      0x0115ed00
                                      0x0115ed05
                                      0x0115ed07
                                      0x0115ed0a
                                      0x0115ed0c
                                      0x0115ed0e
                                      0x0115ed12
                                      0x0115ed19
                                      0x0115ed1e
                                      0x0115ed24
                                      0x0115ed2a
                                      0x0115ed2a
                                      0x0115ed2c
                                      0x0115ed3e
                                      0x0115ed3e
                                      0x0115eb5a
                                      0x0115eb62
                                      0x0115eb69
                                      0x00000000
                                      0x00000000
                                      0x0115eb6f
                                      0x0115eb75
                                      0x0115eb79
                                      0x0115eb79
                                      0x0115eb88
                                      0x0115eb8e
                                      0x0115eb90
                                      0x0115eb92
                                      0x0115eb97
                                      0x0115ed3f
                                      0x0115ed45
                                      0x00000000
                                      0x00000000
                                      0x0115ed4b
                                      0x0115ed4e
                                      0x00000000
                                      0x0115eb9d
                                      0x0115eb9d
                                      0x0115eb9d
                                      0x0115eba2
                                      0x0115ebb5
                                      0x0115ebbc
                                      0x0115ebbe
                                      0x0115ebbe
                                      0x0115ebc3
                                      0x0115ebc5
                                      0x0115ebcb
                                      0x0115ebd2
                                      0x0115ebd5
                                      0x0115ebdb
                                      0x0115ebdf
                                      0x0115ebe1
                                      0x0115ebf0
                                      0x0115ebf9
                                      0x0115ec04
                                      0x0115ec07
                                      0x0115ec0a
                                      0x0115ec82
                                      0x0115ec85
                                      0x0115ec8b
                                      0x0115ec91
                                      0x0115ec93
                                      0x0115ec96
                                      0x0115ec9b
                                      0x0115eca6
                                      0x0115ecac
                                      0x0115ecae
                                      0x0115ecae
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0115ec0c
                                      0x0115ec0c
                                      0x0115ec0c
                                      0x0115ec0f
                                      0x0115ec12
                                      0x0115ec15
                                      0x0115ec15
                                      0x0115ec18
                                      0x0115ec1e
                                      0x00000000
                                      0x00000000
                                      0x0115ec22
                                      0x0115ec28
                                      0x0115ec4b
                                      0x0115ec5b
                                      0x0115ec5d
                                      0x0115ec63
                                      0x0115ec65
                                      0x0115ec68
                                      0x0115ec6b
                                      0x0115ec6b
                                      0x0115ec70
                                      0x0115ec71
                                      0x0115ec74
                                      0x0115ec7d
                                      0x00000000
                                      0x0115ebe3
                                      0x0115ebe3
                                      0x0115ebe6
                                      0x0115ebe6
                                      0x0115ebe7
                                      0x0115ebe9
                                      0x0115ebec
                                      0x00000000
                                      0x0115ebe6
                                      0x0115ebe1
                                      0x0115eba4
                                      0x0115eba9
                                      0x0115ebb0
                                      0x0115ebb3
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0115ebab
                                      0x0115ebab
                                      0x0115ebab
                                      0x0115ebac
                                      0x0115ebac
                                      0x00000000
                                      0x0115ebab
                                      0x0115eb97
                                      0x0115eb19
                                      0x0115eb1c
                                      0x0115eb21
                                      0x0115eb26
                                      0x0115eb2c
                                      0x0115eb2c
                                      0x00000000
                                      0x0115eb26
                                      0x0115ead6
                                      0x0115ead9
                                      0x0115eadc
                                      0x0115eadc
                                      0x0115eadc
                                      0x0115eade
                                      0x0115eae4
                                      0x00000000
                                      0x00000000
                                      0x0115eaee
                                      0x0115eaf7
                                      0x0115eaf9
                                      0x00000000
                                      0x00000000
                                      0x0115eb04
                                      0x0115eb12
                                      0x00000000
                                      0x0115eb12
                                      0x0115eb06
                                      0x00000000
                                      0x0115eb06
                                      0x0115eaf0
                                      0x0115eaf2
                                      0x0115eaf4
                                      0x00000000
                                      0x0115eaf4
                                      0x0115ea6a
                                      0x0115ea21
                                      0x00000000
                                      0x0115ea21
                                      0x0115e9d6
                                      0x0115e9d6
                                      0x0115e9e0
                                      0x0115e9e2
                                      0x0115e9e2
                                      0x0115e9e8
                                      0x00000000
                                      0x0115e9e8
                                      0x0115e987
                                      0x0115e98f
                                      0x0115e992
                                      0x0115e995
                                      0x0115e995
                                      0x0115e998
                                      0x0115e998
                                      0x0115e99a
                                      0x0115e9a0
                                      0x00000000
                                      0x00000000
                                      0x0115e9a9
                                      0x0115e9b2
                                      0x0115e9b4
                                      0x00000000
                                      0x00000000
                                      0x0115e9ba
                                      0x0115e9c1
                                      0x0115e9cf
                                      0x00000000
                                      0x0115e9cf
                                      0x0115e9c3
                                      0x00000000
                                      0x0115e9c3
                                      0x0115e9ab
                                      0x0115e9ad
                                      0x0115e9af
                                      0x00000000
                                      0x0115e9af
                                      0x0115e924
                                      0x0115e8b7
                                      0x0115e8ba
                                      0x0115e902
                                      0x0115e908
                                      0x0115e90a
                                      0x00000000
                                      0x0115e90a
                                      0x0115e8bc
                                      0x0115e8bf
                                      0x0115e8f9
                                      0x0115e8ff
                                      0x0115e901
                                      0x00000000
                                      0x0115e901
                                      0x0115e8c1
                                      0x0115e8c4
                                      0x0115e8f0
                                      0x0115e8f6
                                      0x0115e8f8
                                      0x00000000
                                      0x0115e8f8
                                      0x0115e8c6
                                      0x0115e8c9
                                      0x0115e8e7
                                      0x0115e8ed
                                      0x0115e8ef
                                      0x00000000
                                      0x0115e8ef
                                      0x0115e8cb
                                      0x0115e8ce
                                      0x0115e8de
                                      0x0115e8e4
                                      0x0115e8e6
                                      0x00000000
                                      0x0115e8e6
                                      0x0115e8d3
                                      0x00000000
                                      0x0115e8d5
                                      0x0115e8db
                                      0x0115e8dd
                                      0x00000000
                                      0x0115e8dd
                                      0x0115e853
                                      0x0115e855
                                      0x0115e85b
                                      0x0115e85d
                                      0x0115e897
                                      0x0115e89c
                                      0x0115e8a2
                                      0x0115e8a6
                                      0x0115e8ab
                                      0x0115e8ad
                                      0x0115e8ad
                                      0x00000000
                                      0x0115e85d

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: 84d81d365e0bcced34f8cea4b1dd1011e69c682f97bc58290653110290210b97
                                      • Instruction ID: 59aa65b233248adc4524839036f476f3cc1e237f11a1477577fa0e48957703ea
                                      • Opcode Fuzzy Hash: 84d81d365e0bcced34f8cea4b1dd1011e69c682f97bc58290653110290210b97
                                      • Instruction Fuzzy Hash: B302A472E006169BCB5CCF6DC89167EFBF6AF88200759416DD866DB381E734EA41CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01083ACA Relevance: 6.3, APIs: 4, Instructions: 348COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E01083ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t201;
				signed int _t202;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x115f4d0);
				E010DD0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E010A2280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E0109FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E010DD130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									_t201 =  *0x1178628; // 0x0
									 *(_t317 - 0x30) = _t201;
									_t202 =  *0x117862c; // 0x0
									 *(_t317 - 0x44) = _t202;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							_t207 =  *0x1178628; // 0x0
							_t310 =  *0x117862c; // 0x0
							 *(_t317 - 0x28) = _t310;
							__eflags =  *(_t317 - 0x30) - _t207;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) != _t207);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E010BDF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x117b1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E0109FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E010A2280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E010A2280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E0109FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E010A2280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E011130AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E01083E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x117b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x117b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x117b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E010A7D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E01112E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E01083E6B(_t252);
									_t230 = E01083E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}






































                                      0x01083aca
                                      0x01083acf
                                      0x01083ad4
                                      0x01083ad9
                                      0x01083adb
                                      0x01083ae0
                                      0x01083ae3
                                      0x01083ae5
                                      0x01083ae8
                                      0x01083aeb
                                      0x01083aed
                                      0x01083af5
                                      0x01083af8
                                      0x01083afb
                                      0x01083afe
                                      0x01083b05
                                      0x01083b0a
                                      0x01083b0d
                                      0x00000000
                                      0x01083b10
                                      0x01083b15
                                      0x01083b1a
                                      0x01083b21
                                      0x01083b30
                                      0x01083b30
                                      0x01083b33
                                      0x01083b33
                                      0x01083b36
                                      0x01083b39
                                      0x01083b3f
                                      0x01083b47
                                      0x01083b4a
                                      0x01083b4a
                                      0x01083b4f
                                      0x01083b4f
                                      0x01083b4f
                                      0x01083b4f
                                      0x01083b4f
                                      0x01083b4f
                                      0x01083b54
                                      0x01083b57
                                      0x01083b5c
                                      0x01083b61
                                      0x01083b67
                                      0x01083b6f
                                      0x01083b6f
                                      0x01083b71
                                      0x01083b75
                                      0x01083b77
                                      0x00000000
                                      0x00000000
                                      0x01083e6c
                                      0x01083e6c
                                      0x01083b7d
                                      0x01083b7d
                                      0x01083b82
                                      0x01083b84
                                      0x01083b87
                                      0x01083b8a
                                      0x01083b8d
                                      0x01083b90
                                      0x01083b90
                                      0x01083b97
                                      0x01083b97
                                      0x01083b9c
                                      0x01083ba1
                                      0x01083ba7
                                      0x01083baa
                                      0x01083bad
                                      0x01083bad
                                      0x01083bb7
                                      0x01083bb7
                                      0x01083bbc
                                      0x01083bbf
                                      0x01083bc1
                                      0x01083bc7
                                      0x01083bcd
                                      0x01083bd5
                                      0x01083bd8
                                      0x01083bda
                                      0x01083be1
                                      0x01083be4
                                      0x01083be7
                                      0x01083bea
                                      0x01083bed
                                      0x01083d97
                                      0x01083d9c
                                      0x01083da8
                                      0x01083dad
                                      0x01083db0
                                      0x01083db2
                                      0x01083db5
                                      0x010e020b
                                      0x010e0211
                                      0x010e0213
                                      0x010e0213
                                      0x01083dbb
                                      0x00000000
                                      0x01083dbb
                                      0x01083bf3
                                      0x01083bf5
                                      0x00000000
                                      0x00000000
                                      0x01083bfb
                                      0x01083bfe
                                      0x01083bfe
                                      0x01083bfe
                                      0x01083c02
                                      0x01083dd1
                                      0x01083dd1
                                      0x01083dd7
                                      0x010e00c1
                                      0x010e00c4
                                      0x01083c11
                                      0x01083c11
                                      0x01083c14
                                      0x010e00cf
                                      0x010e00d2
                                      0x00000000
                                      0x00000000
                                      0x010e00d8
                                      0x010e00e6
                                      0x010e00e9
                                      0x010e00ec
                                      0x010e00ef
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e00f5
                                      0x010e00dd
                                      0x010e00e0
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e00e0
                                      0x01083c1a
                                      0x01083c1a
                                      0x01083c1d
                                      0x01083e20
                                      0x01083e23
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083e29
                                      0x01083c23
                                      0x01083c23
                                      0x01083c26
                                      0x01083c2c
                                      0x01083c2f
                                      0x01083c35
                                      0x01083c3b
                                      0x01083c41
                                      0x01083c47
                                      0x01083c4d
                                      0x01083c59
                                      0x01083c5f
                                      0x01083c62
                                      0x01083c68
                                      0x01083c6a
                                      0x01083c6d
                                      0x01083c74
                                      0x01083c79
                                      0x01083c7b
                                      0x01083c7e
                                      0x01083c80
                                      0x01083c83
                                      0x01083c89
                                      0x01083c8b
                                      0x01083dea
                                      0x01083df1
                                      0x01083df2
                                      0x01083df5
                                      0x01083df8
                                      0x01083dfb
                                      0x01083dfd
                                      0x00000000
                                      0x00000000
                                      0x01083e03
                                      0x01083e07
                                      0x01083e42
                                      0x01083e49
                                      0x01083e4a
                                      0x01083e4d
                                      0x00000000
                                      0x01083e4d
                                      0x01083e09
                                      0x01083d86
                                      0x01083d89
                                      0x01083d8c
                                      0x01083d8e
                                      0x01083e31
                                      0x01083e31
                                      0x01083d94
                                      0x00000000
                                      0x01083d94
                                      0x01083c91
                                      0x01083c91
                                      0x01083c94
                                      0x01083d23
                                      0x01083d23
                                      0x01083d27
                                      0x01083e16
                                      0x01083e16
                                      0x01083d2d
                                      0x01083d31
                                      0x010e01fe
                                      0x010e01fe
                                      0x01083d84
                                      0x01083d84
                                      0x00000000
                                      0x01083d84
                                      0x01083d3d
                                      0x01083d44
                                      0x01083d45
                                      0x01083d48
                                      0x01083d4f
                                      0x010e01de
                                      0x010e01de
                                      0x010e01e2
                                      0x00000000
                                      0x00000000
                                      0x010e01ea
                                      0x010e01ea
                                      0x010e01eb
                                      0x010e01f9
                                      0x00000000
                                      0x010e01f9
                                      0x01083d55
                                      0x01083d5c
                                      0x00000000
                                      0x00000000
                                      0x01083d62
                                      0x01083d66
                                      0x01083e55
                                      0x01083e5e
                                      0x01083e60
                                      0x00000000
                                      0x00000000
                                      0x01083d75
                                      0x01083d75
                                      0x01083d79
                                      0x01083d7b
                                      0x01083d7e
                                      0x010e01c7
                                      0x010e01ca
                                      0x010e01cd
                                      0x010e01d0
                                      0x010e01d3
                                      0x010e01d6
                                      0x010e01d6
                                      0x01083d7e
                                      0x00000000
                                      0x01083d79
                                      0x01083d6c
                                      0x01083d72
                                      0x00000000
                                      0x01083d72
                                      0x01083c9d
                                      0x01083ca0
                                      0x01083cab
                                      0x01083cae
                                      0x01083cb1
                                      0x01083cb5
                                      0x01083cb7
                                      0x01083cd2
                                      0x01083cdb
                                      0x01083cdb
                                      0x01083cde
                                      0x01083ce1
                                      0x01083ce3
                                      0x010e00fa
                                      0x010e00fd
                                      0x00000000
                                      0x00000000
                                      0x010e0103
                                      0x010e0107
                                      0x010e0113
                                      0x010e0125
                                      0x010e012b
                                      0x010e012e
                                      0x010e0131
                                      0x00000000
                                      0x010e0131
                                      0x010e0109
                                      0x010e010d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083ce9
                                      0x01083ce9
                                      0x01083ce9
                                      0x01083cee
                                      0x010e0139
                                      0x010e0149
                                      0x010e014f
                                      0x010e014f
                                      0x01083cf4
                                      0x01083cf9
                                      0x01083cfb
                                      0x010e0160
                                      0x01083d01
                                      0x01083d01
                                      0x01083d01
                                      0x01083d06
                                      0x01083d09
                                      0x010e0184
                                      0x010e0184
                                      0x01083d0f
                                      0x01083d16
                                      0x01083d1e
                                      0x00000000
                                      0x01083d1e
                                      0x01083ce3
                                      0x010e00ca
                                      0x01083ddd
                                      0x01083de0
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083de2
                                      0x01083c08
                                      0x01083c0b
                                      0x01083dc9
                                      0x01083dcb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083dcb
                                      0x00000000
                                      0x01083c0b

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c15a029c889887f15daecf9e31bbed3c37aa3263a90eb208fa18a97b73885607
                                      • Instruction ID: 177971819ccfcbc96c16ce50040417a9a4881cc3962bd18faa4d0c970a67a3aa
                                      • Opcode Fuzzy Hash: c15a029c889887f15daecf9e31bbed3c37aa3263a90eb208fa18a97b73885607
                                      • Instruction Fuzzy Hash: ADE1FE70E04608DFCB65EFA9D984A9DFBF1BF88700F10456AE586AB261D770E841CF00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010840E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 29%
                                      			E010840E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0108B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0108B150(", passed to %s", _t29);
					}
					_push("\n");
					E0108B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1176378 = 1;
						asm("int3");
						 *0x1176378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                      0x010840e6
                                      0x010840e8
                                      0x010840f1
                                      0x010e042d
                                      0x010e044c
                                      0x010e0451
                                      0x010e042f
                                      0x010e0444
                                      0x010e0449
                                      0x010e045d
                                      0x010e0466
                                      0x010e046e
                                      0x010e0474
                                      0x010e0475
                                      0x010e047a
                                      0x010e048a
                                      0x010e048c
                                      0x010e0493
                                      0x010e0494
                                      0x010e0494
                                      0x00000000
                                      0x010e049b
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                      • API String ID: 0-188067316
                                      • Opcode ID: 0d6a7d0ccb13ec3b24faa93a451d739c50d3d4fb5a9234839b07a748e46ff7ec
                                      • Instruction ID: ab23800e7a56206d4f415c364f87c8db20445ba0eeb02972b758d553ead56190
                                      • Opcode Fuzzy Hash: 0d6a7d0ccb13ec3b24faa93a451d739c50d3d4fb5a9234839b07a748e46ff7ec
                                      • Instruction Fuzzy Hash: 2C01FC72208641DEE239A76AE54DF9677E8DB81F30F19406DF0C94F751CEE59480C651
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A5600 Relevance: 6.2, Strings: 3, Instructions: 2418COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E010A5600(signed char __ecx, signed int __edx, signed int _a4, unsigned int _a8, intOrPtr* _a12, signed char* _a16) {
				signed char _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char _v69;
				char _v70;
				signed char _v71;
				char _v72;
				char _v73;
				signed int _v80;
				signed int _v88;
				signed short _v92;
				signed char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				char _v109;
				char _v110;
				signed int _v111;
				char _v112;
				signed char _v116;
				signed int _v120;
				signed char _v128;
				signed short _v132;
				signed short _v134;
				signed short _v136;
				signed short _v138;
				signed int _v144;
				signed char _v148;
				signed char _v152;
				signed short _v156;
				signed int _v160;
				signed short _v164;
				signed short _v166;
				signed int _v172;
				signed char _v176;
				signed char _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed char _v200;
				char _v204;
				signed int _v206;
				signed char _v212;
				intOrPtr _v216;
				signed int _v220;
				unsigned int* _v224;
				intOrPtr _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed char _v248;
				unsigned int* _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed char _v276;
				signed char _v280;
				intOrPtr _v284;
				signed int* _v288;
				signed int _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed short _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				intOrPtr _v340;
				signed char _v344;
				signed char _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				unsigned int _v372;
				unsigned int _v380;
				unsigned int _v388;
				unsigned int _v396;
				unsigned int _v404;
				unsigned int _v412;
				unsigned int _v420;
				unsigned int _v428;
				unsigned int _v436;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t1068;
				signed char _t1072;
				signed int _t1073;
				intOrPtr _t1075;
				signed int _t1078;
				char* _t1079;
				signed int _t1097;
				signed char* _t1100;
				intOrPtr _t1101;
				signed int _t1102;
				signed char* _t1105;
				intOrPtr _t1106;
				signed int _t1107;
				signed char* _t1110;
				signed char* _t1112;
				signed int _t1120;
				void* _t1127;
				signed char* _t1137;
				intOrPtr* _t1145;
				signed int _t1147;
				intOrPtr _t1148;
				void* _t1149;
				signed int _t1151;
				signed char _t1153;
				signed int _t1158;
				signed int _t1159;
				signed char _t1179;
				signed char _t1180;
				unsigned int _t1182;
				signed char _t1192;
				signed char _t1193;
				char _t1205;
				signed char _t1209;
				signed short _t1211;
				void* _t1212;
				signed int _t1217;
				signed int _t1218;
				signed char _t1219;
				signed int _t1221;
				intOrPtr* _t1227;
				intOrPtr* _t1228;
				signed int _t1235;
				signed int _t1236;
				intOrPtr* _t1244;
				intOrPtr* _t1246;
				signed int _t1249;
				signed int _t1253;
				signed int _t1255;
				intOrPtr _t1261;
				signed int _t1267;
				signed int _t1269;
				intOrPtr* _t1281;
				intOrPtr* _t1282;
				signed int _t1285;
				signed int* _t1289;
				signed int* _t1291;
				intOrPtr _t1294;
				signed int _t1295;
				signed int _t1301;
				signed int* _t1302;
				signed int _t1303;
				intOrPtr _t1308;
				signed short _t1309;
				intOrPtr _t1315;
				signed int _t1316;
				intOrPtr _t1318;
				signed int* _t1319;
				signed int _t1320;
				signed int* _t1323;
				signed int _t1324;
				unsigned int* _t1333;
				signed int _t1336;
				signed int _t1338;
				signed int _t1341;
				signed int _t1347;
				signed int* _t1348;
				signed int _t1349;
				signed short _t1352;
				signed short _t1358;
				signed short _t1364;
				signed int _t1373;
				intOrPtr _t1379;
				intOrPtr _t1384;
				intOrPtr* _t1392;
				signed int _t1393;
				signed int _t1396;
				signed int _t1397;
				intOrPtr _t1399;
				signed int _t1401;
				signed char _t1403;
				signed int _t1405;
				signed int _t1406;
				intOrPtr _t1408;
				signed int* _t1410;
				signed int _t1411;
				signed short _t1414;
				signed int* _t1424;
				signed int _t1425;
				signed int* _t1428;
				signed int _t1429;
				signed int _t1432;
				signed int _t1434;
				signed int _t1438;
				signed short _t1440;
				signed short _t1447;
				signed short _t1453;
				intOrPtr* _t1459;
				signed char _t1460;
				void* _t1461;
				signed int _t1465;
				signed int _t1466;
				intOrPtr _t1469;
				signed int _t1471;
				signed char _t1473;
				signed int _t1475;
				signed int _t1476;
				signed char _t1477;
				intOrPtr _t1479;
				signed int* _t1481;
				signed int _t1482;
				signed short _t1485;
				signed int _t1496;
				signed int _t1504;
				signed int _t1506;
				signed int _t1518;
				unsigned int _t1521;
				intOrPtr _t1522;
				signed int _t1523;
				signed int _t1524;
				signed int _t1525;
				signed char _t1526;
				signed short _t1527;
				signed int _t1529;
				unsigned int _t1535;
				signed int _t1538;
				signed short _t1539;
				signed int _t1559;
				signed int _t1564;
				signed char _t1565;
				signed char _t1566;
				signed char _t1567;
				signed char _t1569;
				signed int _t1571;
				signed char _t1576;
				signed short* _t1577;
				signed char _t1579;
				intOrPtr* _t1581;
				signed int _t1583;
				intOrPtr* _t1586;
				intOrPtr _t1590;
				signed int _t1594;
				signed char _t1599;
				intOrPtr* _t1601;
				signed int _t1604;
				signed int _t1605;
				signed int _t1606;
				signed int _t1608;
				signed char _t1614;
				signed short _t1617;
				signed int _t1619;
				signed short _t1620;
				signed int _t1622;
				unsigned int _t1628;
				signed short _t1632;
				signed int _t1634;
				signed char _t1638;
				signed char _t1643;
				signed char _t1648;
				intOrPtr _t1651;
				signed int _t1654;
				signed int _t1656;
				signed int _t1657;
				signed char _t1658;
				signed char _t1660;
				signed char _t1668;
				signed short _t1671;
				intOrPtr _t1673;
				signed short _t1674;
				intOrPtr _t1676;
				signed int _t1678;
				signed int _t1681;
				signed int _t1682;
				signed int _t1686;
				signed short _t1689;
				signed int _t1691;
				signed char _t1695;
				signed char _t1700;
				signed char _t1705;
				signed int _t1707;
				intOrPtr _t1708;
				signed int _t1709;
				signed int _t1710;
				signed char _t1712;
				signed char _t1719;
				signed int* _t1723;
				signed int _t1724;
				signed int _t1725;
				unsigned int _t1728;
				signed int _t1729;
				signed int _t1730;
				signed char* _t1734;
				signed int _t1736;
				intOrPtr* _t1738;
				signed int _t1740;
				signed int _t1743;
				unsigned int _t1744;
				intOrPtr _t1753;
				signed char _t1754;
				signed short* _t1755;
				signed short* _t1757;
				unsigned int _t1760;
				intOrPtr _t1763;
				signed int _t1765;
				signed short _t1766;
				signed short _t1768;
				void* _t1769;
				signed int _t1771;
				signed int _t1773;
				signed int _t1775;
				unsigned int _t1781;
				signed int _t1784;
				signed int _t1785;
				signed int _t1787;
				signed int _t1789;
				unsigned int _t1791;
				unsigned int _t1795;
				unsigned int _t1799;
				signed int _t1802;
				intOrPtr* _t1803;
				signed short* _t1805;
				signed int _t1807;
				intOrPtr _t1809;
				signed short _t1811;
				signed short _t1813;
				intOrPtr _t1814;
				signed char _t1820;
				void* _t1821;
				signed int _t1825;
				signed char _t1829;
				unsigned int _t1831;
				unsigned int* _t1836;
				unsigned int _t1838;
				unsigned int _t1842;
				unsigned int _t1846;
				signed int _t1852;
				signed int _t1858;
				unsigned int _t1861;
				signed int _t1866;
				intOrPtr _t1868;
				signed char _t1871;
				void* _t1873;
				signed int _t1876;
				signed int _t1877;
				signed int _t1880;
				signed char _t1881;
				signed int _t1882;
				signed int _t1883;
				signed short _t1885;
				signed short* _t1886;
				signed char _t1887;
				signed char _t1888;
				signed int* _t1889;
				intOrPtr _t1890;
				signed int _t1892;
				intOrPtr* _t1893;
				signed int _t1894;
				signed int _t1895;
				signed int _t1896;
				signed int _t1897;
				signed int _t1900;
				signed int _t1904;
				signed int _t1905;
				signed int _t1906;
				intOrPtr _t1907;
				signed int _t1908;
				signed int _t1910;
				signed int _t1911;
				signed int _t1912;
				unsigned int _t1916;
				signed int _t1917;
				void* _t1921;
				intOrPtr _t1922;
				intOrPtr _t1923;
				signed int _t1924;
				signed int _t1926;
				signed int _t1927;
				signed int _t1928;
				unsigned int _t1931;
				signed int _t1932;
				signed int* _t1933;
				intOrPtr _t1934;
				signed int _t1935;
				void* _t1936;
				void* _t1937;
				void* _t1940;
				void* _t1941;
				signed int _t1946;
				void* _t1952;

				_t1725 = __edx;
				_t1540 = __ecx;
				_push(0xfffffffe);
				_push(0x115fc88);
				_push(0x10d17f0);
				_push( *[fs:0x0]);
				_t1937 = _t1936 - 0x1a0;
				_push(_t1873);
				_t1068 =  *0x117d360;
				_v12 = _v12 ^ _t1068;
				_push(_t1068 ^ _t1935);
				 *[fs:0x0] =  &_v20;
				_v96 = __edx;
				_t1871 = __ecx;
				_v280 = __ecx;
				_v196 = 0;
				_v104 = 1;
				_v53 = 0;
				_v80 = 0;
				_v60 = 0;
				_v180 = 0;
				_t1518 = _a8 >> 3;
				if((__edx & 0x7d010f60) != 0 || _a4 >= 0x80000000) {
					_v104 = 0;
					 *_a16 = 4;
					_t1072 = _a4;
					__eflags = _t1072 - 0x7fffffff;
					if(_t1072 > 0x7fffffff) {
						_t1073 = 0;
						goto L157;
					}
					__eflags = _t1725 & 0x61000000;
					if((_t1725 & 0x61000000) != 0) {
						__eflags = _t1725 & 0x10000000;
						if(__eflags != 0) {
							goto L287;
						}
						_t1073 = E01142D82(_t1518, _t1540, _t1725, _t1871, _t1873, __eflags, _t1072);
						goto L157;
					}
					L287:
					__eflags = _t1072;
					if(_t1072 == 0) {
						_t1072 = 1;
					}
					_t1728 =  *((intOrPtr*)(_t1871 + 0x94)) + _t1072 &  *(_t1871 + 0x98);
					__eflags = _t1728 - 0x10;
					if(_t1728 < 0x10) {
						_t1728 = 0x10;
					}
					_a8 = _t1728;
					_t1074 = _v96;
					_t1546 = _t1074 >> 0x00000004 & 0xffffffe1 | 0x00000001;
					_v64 = _t1546;
					__eflags = _t1074 & 0x3c000100;
					if((_t1074 & 0x3c000100) == 0) {
						__eflags =  *(_t1871 + 0xbc);
						if( *(_t1871 + 0xbc) == 0) {
							goto L291;
						}
						goto L290;
					} else {
						L290:
						_t1546 = _t1546 | 0x00000002;
						_v64 = _t1546;
						_t1728 = _t1728 + 8;
						__eflags = _t1728;
						_a8 = _t1728;
						L291:
						_t1729 = _t1728 >> 3;
						_v52 = _t1729;
						goto L4;
					}
				} else {
					_t1546 = 1;
					_v64 = 1;
					_t1729 = _t1518;
					_v52 = _t1729;
					if(_t1729 < 2) {
						_a8 = _a8 + 8;
						_t1729 = 2;
						_v52 = 2;
					}
					 *_a16 = 3;
					_t1074 = _v96;
					L4:
					_t1876 = _t1074 & 0x00800000;
					if(_t1876 != 0) {
						_t1075 =  *[fs:0x30];
						__eflags =  *(_t1075 + 0x68) & 0x00000800;
						_t1074 = _v96;
						if(( *(_t1075 + 0x68) & 0x00000800) == 0) {
							_t1546 = _t1546 | 0x00000008;
							_v64 = _t1546;
						}
					}
					_v8 = 0;
					_t1946 = _t1074 & 0x00000001;
					if(_t1946 != 0) {
						L11:
						if(_t1729 >  *((intOrPtr*)(_t1871 + 0x5c))) {
							__eflags =  *(_t1871 + 0x40) & 0x00000002;
							if(( *(_t1871 + 0x40) & 0x00000002) == 0) {
								_v148 = 0xc0000023;
								L363:
								_v80 = 0;
								goto L153;
							}
							_t1521 = _a8 + 0x18;
							_a8 = _t1521;
							_a8 = _t1521;
							_t1880 = (E010B1164(_t1546) & 0x0000000f) << 0xc;
							_v352 = _t1880;
							_v200 = 0;
							_v204 = _a8 + 0x1000 + _t1880;
							_t1732 = 1;
							_t1546 = _t1871;
							_t1518 = E010B0678(_t1871, 1);
							_v356 = _t1518;
							_push(_t1518);
							_push(0x2000);
							_push( &_v204);
							_push(0);
							_push( &_v200);
							_push(0xffffffff);
							_t1074 = E010C9660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								goto L153;
							}
							_v60 = _v200 + _t1880;
							_push(_t1518);
							_push(0x1000);
							_push( &_a8);
							_push(0);
							_push( &_v60);
							_push(0xffffffff);
							_t1074 = E010C9660();
							_v148 = _t1074;
							__eflags = _t1074;
							if(_t1074 < 0) {
								_v60 = 0;
								 *((intOrPtr*)(_t1871 + 0x214)) =  *((intOrPtr*)(_t1871 + 0x214)) + 1;
								goto L363;
							}
							 *((short*)(_v60 + 0x18)) = _a8 - _a4;
							 *(_v60 + 0x1a) = _v64 | 0x00000002;
							 *(_v60 + 0x10) = _a8;
							 *((intOrPtr*)(_v60 + 0x14)) = _v204;
							 *((char*)(_v60 + 0x1f)) = 4;
							 *((intOrPtr*)(_t1871 + 0x1f0)) =  *((intOrPtr*)(_t1871 + 0x1f0)) + _a8;
							_t1097 = E010A7D50();
							__eflags = _t1097;
							if(_t1097 != 0) {
								_t1100 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1100 = 0x7ffe0380;
							}
							__eflags =  *_t1100;
							if( *_t1100 != 0) {
								_t1101 =  *[fs:0x30];
								__eflags =  *(_t1101 + 0x240) & 0x00000001;
								if(( *(_t1101 + 0x240) & 0x00000001) != 0) {
									_t1732 = _v60;
									E0114138A(_t1518, _t1871, _v60, _a8, 9);
								}
							}
							_t1102 = E010A7D50();
							__eflags = _t1102;
							if(_t1102 != 0) {
								_t1105 =  *( *[fs:0x30] + 0x50) + 0x226;
							} else {
								_t1105 = 0x7ffe0380;
							}
							__eflags =  *_t1105;
							if( *_t1105 != 0) {
								_t1106 =  *[fs:0x30];
								__eflags =  *(_t1106 + 0x240) & 0x00000001;
								if(( *(_t1106 + 0x240) & 0x00000001) != 0) {
									__eflags = E010A7D50();
									if(__eflags == 0) {
										_t1137 = 0x7ffe0380;
									} else {
										_t1137 =  *( *[fs:0x30] + 0x50) + 0x226;
									}
									_t1732 = _v60;
									E01141582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1137 & 0x000000ff);
								}
							}
							_t1107 = E010A7D50();
							__eflags = _t1107;
							if(_t1107 != 0) {
								_t1110 =  *( *[fs:0x30] + 0x50) + 0x230;
							} else {
								_t1110 = 0x7ffe038a;
							}
							__eflags =  *_t1110;
							if( *_t1110 != 0) {
								__eflags = E010A7D50();
								if(__eflags == 0) {
									_t1112 = 0x7ffe038a;
								} else {
									_t1112 =  *( *[fs:0x30] + 0x50) + 0x230;
								}
								_t1732 = _v60;
								E01141582(_t1518, _t1871, _v60, __eflags, _a8,  *(_t1871 + 0x74) << 3,  *_t1112 & 0x000000ff);
							}
							__eflags =  *(_t1871 + 0x40) & 0x08000000;
							if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
								_t1559 = E010B16C7(1, _t1732) & 0x0000ffff;
								_v206 = _t1559;
								 *(_v60 + 8) = _t1559;
							}
							_t1120 =  *( *[fs:0x30] + 0x68);
							_v360 = _t1120;
							__eflags = _t1120 & 0x00000800;
							if((_t1120 & 0x00000800) != 0) {
								 *((short*)(_v60 + 0xa)) = E0112E9F0(_t1871, _v96 >> 0x00000012 & 0x000000ff, 0,  *(_v60 + 0x10) >> 3, 1);
							}
							_t1546 = _v60;
							__eflags =  *(_t1871 + 0x4c);
							if( *(_t1871 + 0x4c) != 0) {
								 *(_t1546 + 0x1b) =  *(_t1546 + 0x1a) ^  *(_t1546 + 0x19) ^  *(_t1546 + 0x18);
								_t737 = _t1546 + 0x18;
								 *_t737 =  *(_t1546 + 0x18) ^  *(_t1871 + 0x50);
								__eflags =  *_t737;
								_t1546 = _v60;
							}
							_t1127 = _t1871 + 0x9c;
							_t1734 =  *(_t1127 + 4);
							_t1881 =  *_t1734;
							__eflags = _t1881 - _t1127;
							if(_t1881 != _t1127) {
								_push(_t1546);
								_t1546 = 0xd;
								E0114A80D(0, _t1127, 0, _t1881);
							} else {
								 *_t1546 = _t1127;
								 *(_t1546 + 4) = _t1734;
								 *_t1734 = _t1546;
								 *(_t1127 + 4) = _t1546;
							}
							_t1074 = _v60 + 0x20;
							_v80 = _v60 + 0x20;
							goto L153;
						}
						if(_t1876 != 0) {
							L21:
							_t1145 = _a12;
							if(_t1145 == 0) {
								L23:
								_v228 = _t1871 + 0xc0;
								_t1564 =  *(_t1871 + 0xb4);
								_v36 = _t1564;
								while(1) {
									_t1522 =  *((intOrPtr*)(_t1564 + 4));
									if(_t1729 < _t1522) {
										_t1523 = _t1729;
										goto L26;
									}
									_t1147 =  *_t1564;
									__eflags = _t1147;
									if(_t1147 == 0) {
										_t1523 = _t1522 - 1;
										while(1) {
											L26:
											_v144 = _t1523;
											_t1524 = _t1523 -  *(_t1564 + 0x14);
											_t1882 = 0;
											_t1736 =  *(_t1564 + 0x18);
											_v40 = _t1736;
											_t1148 =  *((intOrPtr*)(_t1736 + 4));
											if(_t1736 == _t1148) {
												goto L311;
											}
											_t1424 = _t1148 + 0xfffffff8;
											_v32 = _t1424;
											_t1425 =  *_t1424;
											_v380 = _t1425;
											_t1671 = _t1425 & 0x0000ffff;
											if( *(_t1871 + 0x4c) != 0) {
												_t1846 =  *(_t1871 + 0x50) ^ _t1425;
												_v380 = _t1846;
												_t1453 = _t1846 & 0x0000ffff;
												_v44 = _t1453;
												_v68 = _t1453 & 0x0000ffff;
												_t1705 = _t1846 >> 0x00000010 ^ _t1846 >> 0x00000008 ^ _t1846;
												if(_t1846 >> 0x18 != _t1705) {
													_push(_t1705);
													E0114A80D(_t1871, _v32, 0, 0);
													_t1671 = _v44 & 0x0000ffff;
												} else {
													_t1671 = _v68;
												}
												_t1736 = _v40;
											}
											_t1673 = _v52 - (_t1671 & 0x0000ffff);
											_v300 = _t1673;
											if(_t1673 > 0) {
												_t1882 = _t1736;
												goto L48;
											} else {
												_t1428 =  *_t1736 + 0xfffffff8;
												_v32 = _t1428;
												_t1429 =  *_t1428;
												_v388 = _t1429;
												_t1674 = _t1429 & 0x0000ffff;
												if( *(_t1871 + 0x4c) != _t1882) {
													_t1842 =  *(_t1871 + 0x50) ^ _t1429;
													_v388 = _t1842;
													_t1447 = _t1842 & 0x0000ffff;
													_v44 = _t1447;
													_v68 = _t1447 & 0x0000ffff;
													_t1700 = _t1842 >> 0x00000010 ^ _t1842 >> 0x00000008 ^ _t1842;
													if(_t1842 >> 0x18 != _t1700) {
														_push(_t1700);
														E0114A80D(_t1871, _v32, 0, 0);
														_t1674 = _v44 & 0x0000ffff;
													} else {
														_t1674 = _v68;
													}
													_t1736 = _v40;
												}
												_t1676 = _v52 - (_t1674 & 0x0000ffff);
												_v304 = _t1676;
												_t1564 = _v36;
												if(_t1676 <= 0) {
													_t1882 =  *_t1736;
													goto L49;
												} else {
													if( *_t1564 != _t1882 || _v144 !=  *((intOrPtr*)(_t1564 + 4)) - 1) {
														_t1432 = _t1524 >> 5;
														_t1921 = ( *((intOrPtr*)(_t1564 + 4)) -  *(_t1564 + 0x14) >> 5) - 1;
														_t1836 =  *((intOrPtr*)(_t1564 + 0x1c)) + _t1432 * 4;
														_v32 = _t1524 & 0x0000001f;
														_t1535 =  !((1 << _v32) - 1) &  *_t1836;
														while(1) {
															_v224 = _t1836;
															_v184 = _t1432;
															if(_t1535 != 0) {
																break;
															}
															if(_t1432 > _t1921) {
																__eflags = _t1535;
																if(_t1535 != 0) {
																	break;
																}
																_t1564 = _v36;
																goto L167;
															} else {
																_t1836 =  &(_t1836[1]);
																_t1535 =  *_t1836;
																_t1432 = _t1432 + 1;
																continue;
															}
														}
														__eflags = _t1535;
														if(_t1535 != 0) {
															_t1678 = _t1535 & 0x000000ff;
															__eflags = _t1535;
															if(_t1535 == 0) {
																_t1681 = ( *((_t1535 >> 0x00000008 & 0x000000ff) + 0x10684d0) & 0x000000ff) + 8;
															} else {
																_t1681 =  *(_t1678 + 0x10684d0) & 0x000000ff;
															}
														} else {
															_t1686 = _t1535 >> 0x00000010 & 0x000000ff;
															__eflags = _t1686;
															if(_t1686 != 0) {
																_t1681 = ( *(_t1686 + 0x10684d0) & 0x000000ff) + 0x10;
															} else {
																_t97 = (_t1535 >> 0x18) + 0x10684d0; // 0x10008
																_t1681 = ( *_t97 & 0x000000ff) + 0x18;
																__eflags = _t1681;
															}
														}
														_t1434 = (_t1432 << 5) + _t1681;
														_v184 = _t1434;
														_t1682 = _v36;
														__eflags =  *(_t1682 + 8);
														if( *(_t1682 + 8) != 0) {
															_t1434 = _t1434 + _t1434;
														}
														_t1882 =  *( *((intOrPtr*)(_t1682 + 0x20)) + _t1434 * 4);
														goto L48;
													} else {
														__eflags =  *((intOrPtr*)(_t1564 + 8)) - _t1882;
														if( *((intOrPtr*)(_t1564 + 8)) != _t1882) {
															_t1524 = _t1524 + _t1524;
														}
														_t1538 =  *( *((intOrPtr*)(_t1564 + 0x20)) + _t1524 * 4);
														while(1) {
															__eflags = _t1736 - _t1538;
															if(_t1736 == _t1538) {
																break;
															}
															_t1438 =  *(_t1538 - 8);
															_v396 = _t1438;
															_t1689 = _t1438 & 0x0000ffff;
															__eflags =  *(_t1871 + 0x4c) - _t1882;
															if( *(_t1871 + 0x4c) != _t1882) {
																_t1838 =  *(_t1871 + 0x50) ^ _t1438;
																_v396 = _t1838;
																_t1440 = _t1838 & 0x0000ffff;
																_v32 = _t1440;
																_v44 = _t1440 & 0x0000ffff;
																_t1695 = _t1838 >> 0x00000010 ^ _t1838 >> 0x00000008 ^ _t1838;
																__eflags = _t1838 >> 0x18 - _t1695;
																if(_t1838 >> 0x18 != _t1695) {
																	_push(_t1695);
																	E0114A80D(_t1871, _t1538 - 8, 0, 0);
																	_t1689 = _v32 & 0x0000ffff;
																} else {
																	_t1689 = _v44;
																}
																_t1736 = _v40;
															}
															_t1691 = _v52 - (_t1689 & 0x0000ffff);
															_v308 = _t1691;
															__eflags = _t1691;
															if(_t1691 > 0) {
																_t1538 =  *_t1538;
																continue;
															} else {
																_t1882 = _t1538;
																break;
															}
														}
														L48:
														_t1564 = _v36;
														L49:
														__eflags = _t1882;
														if(_t1882 == 0) {
															L167:
															_t1564 =  *_t1564;
															_v36 = _t1564;
															_t1523 =  *(_t1564 + 0x14);
															continue;
														}
														_v312 = _t1882;
														__eflags = _v228 - _t1882;
														if(_v228 == _t1882) {
															L248:
															_t1546 = _t1871;
															_t1518 = E010AB236(_t1871, _a8);
															_v100 = _t1518;
															__eflags = _t1518;
															if(_t1518 == 0) {
																_v148 = 0xc0000017;
																goto L363;
															}
															_t540 = _t1518 + 8; // 0x8
															_t1738 = _t540;
															_t1883 =  *_t1738;
															_v32 = _t1883;
															_t1565 =  *(_t1518 + 0xc);
															_v88 = _t1565;
															_t1149 =  *_t1565;
															_t1566 =  *(_t1883 + 4);
															_v44 = _t1566;
															__eflags = _t1149 - _t1566;
															_t1567 = _v88;
															if(_t1149 != _t1566) {
																L536:
																_push(_t1567);
																_t1546 = 0xd;
																_t1074 = E0114A80D(_t1871, _t1738, _v44, _t1149);
																_v73 = 0;
																goto L153;
															}
															__eflags = _t1149 - _t1738;
															if(_t1149 != _t1738) {
																goto L536;
															}
															 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
															_t1740 =  *(_t1871 + 0xb4);
															__eflags = _t1740;
															if(_t1740 == 0) {
																L258:
																 *_t1567 = _t1883;
																 *(_t1883 + 4) = _t1567;
																__eflags =  *(_t1518 + 2) & 0x00000008;
																if(( *(_t1518 + 2) & 0x00000008) != 0) {
																	_t1151 = E010AA229(_t1871, _t1518);
																	__eflags = _t1151;
																	if(_t1151 != 0) {
																		goto L259;
																	}
																	_t1546 = _t1871;
																	_t1074 = E010AA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																	_v73 = 0;
																	goto L153;
																}
																L259:
																_v73 = 1;
																L76:
																_t1569 =  *(_t1518 + 2);
																_v71 = _t1569;
																__eflags = _v104;
																if(_v104 == 0) {
																	__eflags = _t1569 & 0x00000004;
																	if((_t1569 & 0x00000004) != 0) {
																		_t1905 = ( *_t1518 & 0x0000ffff) * 8 - 0x10;
																		_v244 = _t1905;
																		__eflags = _t1569 & 0x00000002;
																		if((_t1569 & 0x00000002) != 0) {
																			__eflags = _t1905 - 4;
																			if(_t1905 > 4) {
																				_t1905 = _t1905 - 4;
																				__eflags = _t1905;
																				_v244 = _t1905;
																			}
																		}
																		_t872 = _t1518 + 0x10; // 0x10
																		_t1373 = E010DD540(_t872, _t1905, 0xfeeefeee);
																		_v32 = _t1373;
																		__eflags = _t1373 - _t1905;
																		if(_t1373 != _t1905) {
																			_t1651 =  *[fs:0x30];
																			__eflags =  *(_t1651 + 0xc);
																			if( *(_t1651 + 0xc) == 0) {
																				_push("HEAP: ");
																				E0108B150();
																				_t1941 = _t1937 + 4;
																			} else {
																				E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																				_t1941 = _t1937 + 8;
																			}
																			_t1569 = _v100;
																			_push(_v32 + 0x10 + _t1569);
																			E0108B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1569);
																			_t1937 = _t1941 + 0xc;
																			_t1379 =  *[fs:0x30];
																			__eflags =  *((char*)(_t1379 + 2));
																			if( *((char*)(_t1379 + 2)) == 0) {
																				_t1518 = _v100;
																			} else {
																				 *0x1176378 = 1;
																				_t1518 = _v100;
																				 *0x11760c0 = _t1518;
																				asm("int3");
																				 *0x1176378 = 0;
																			}
																		}
																	}
																}
																_v120 = _t1518;
																__eflags =  *(_t1518 + 2) & 0x00000001;
																if(( *(_t1518 + 2) & 0x00000001) != 0) {
																	_push(_t1569);
																	_t1546 = 3;
																	_t1074 = E0114A80D(_t1871, _t1518, 0, 0);
																	goto L153;
																} else {
																	 *(_t1518 + 2) = _v64;
																	_t1571 = _v52;
																	_t1885 = ( *_t1518 & 0x0000ffff) - _t1571;
																	_v320 = _t1885;
																	 *_t1518 = _t1571;
																	_t1743 = _a4;
																	_t1153 = _a8 - _t1743;
																	_v44 = _t1153;
																	__eflags = _t1153 - 0x3f;
																	if(_t1153 >= 0x3f) {
																		 *(_t1518 + _t1571 * 8 - 4) = _t1153;
																		 *(_t1518 + 7) = 0x3f;
																	} else {
																		 *(_t1518 + 7) = _t1153;
																	}
																	 *(_t1518 + 3) = 0;
																	__eflags = _t1885;
																	if(_t1885 == 0) {
																		L137:
																		_t1886 = _v120;
																		_v80 =  &(_t1886[4]);
																		_t1518 = ( *_t1886 & 0x0000ffff) * 8;
																		_v196 = _t1518;
																		__eflags = (_t1886[3] & 0x0000003f) - 0x3f;
																		if((_t1886[3] & 0x0000003f) == 0x3f) {
																			_t1158 = 1;
																		} else {
																			_t1158 = 0;
																			__eflags = 0;
																		}
																		_t1546 = _t1518;
																		__eflags = _t1158;
																		if(_t1158 != 0) {
																			_t1007 = _t1518 - 4; // -4
																			_t1546 = _t1007;
																			_t1518 = _t1546;
																			_v196 = _t1518;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1744 = _v96;
																			__eflags = _t1744 & 0x00000008;
																			if((_t1744 & 0x00000008) == 0) {
																				__eflags =  *(_t1871 + 0x40) & 0x00000040;
																				if(( *(_t1871 + 0x40) & 0x00000040) == 0) {
																					L296:
																					_t1525 = _a4;
																					L297:
																					__eflags =  *(_t1871 + 0x40) & 0x00000020;
																					if(( *(_t1871 + 0x40) & 0x00000020) != 0) {
																						_t1159 = _v80;
																						 *((intOrPtr*)(_t1159 + _t1525)) = 0xabababab;
																						 *((intOrPtr*)(_t1159 + _t1525 + 4)) = 0xabababab;
																						 *(_v120 + 2) =  *(_v120 + 2) | 0x00000004;
																					}
																					_t1887 = _v120;
																					 *(_t1887 + 3) = 0;
																					__eflags =  *(_t1887 + 2) & 0x00000002;
																					if(( *(_t1887 + 2) & 0x00000002) == 0) {
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v348 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) == 0) {
																							goto L301;
																						}
																						_t1518 = _v120;
																						_t1546 = _t1871;
																						 *(_t1887 + 3) = E0112E9F0(_t1871, _t1744 >> 0x00000012 & 0x000000ff, 0,  *_t1518 & 0x0000ffff, 0);
																						goto L302;
																					} else {
																						_t1546 = _t1887;
																						_t1526 = E01081F5B(_t1887);
																						_v276 = _t1526;
																						 *_t1526 = 0;
																						 *((intOrPtr*)(_t1526 + 4)) = 0;
																						__eflags =  *(_t1871 + 0x40) & 0x08000000;
																						if(( *(_t1871 + 0x40) & 0x08000000) != 0) {
																							_t1546 = 1;
																							 *_t1526 = E010B16C7(1, _t1744);
																							_t1744 = _v96;
																						}
																						_t1074 =  *( *[fs:0x30] + 0x68);
																						_v344 = _t1074;
																						__eflags = _t1074 & 0x00000800;
																						if((_t1074 & 0x00000800) != 0) {
																							_t1518 = _v120;
																							_t1074 = E0112E9F0(_t1871, _t1744 >> 0x00000012 & 0x00000fff, 0,  *_t1518 & 0x0000ffff, 0);
																							_t1546 = _v276;
																							 *(_v276 + 2) = _t1074;
																							goto L302;
																						} else {
																							L301:
																							_t1518 = _v120;
																							L302:
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								 *(_t1887 + 3) =  *(_t1518 + 1) ^  *_t1518 ^  *(_t1887 + 2);
																								_t1074 =  *(_t1871 + 0x50);
																								 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																							}
																							goto L153;
																						}
																					}
																				}
																				_t1525 = _a4;
																				E010DD5E0(_v80, _t1525 & 0xfffffffc, 0xbaadf00d);
																				_t1744 = _v96;
																				goto L297;
																			}
																			_t618 = _t1546 - 8; // -8
																			E010CFA60(_v80, 0, _t618);
																			_t1744 = _v96;
																			goto L296;
																		} else {
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1889 = _v120;
																				_t1889[0] = _t1889[0] ^ _t1889[0] ^  *_t1889;
																				 *_t1889 =  *_t1889 ^  *(_t1871 + 0x50);
																				__eflags =  *_t1889;
																			}
																			__eflags = _v53;
																			if(_v53 == 0) {
																				L152:
																				_t1074 = _v96;
																				__eflags = _t1074 & 0x00000008;
																				if((_t1074 & 0x00000008) != 0) {
																					_t398 = _t1518 - 8; // -8
																					_t1074 = E010CFA60(_v80, 0, _t398);
																				}
																				goto L153;
																			} else {
																				__eflags =  *(_t1871 + 0x44) & 0x01000000;
																				if(( *(_t1871 + 0x44) & 0x01000000) != 0) {
																					L149:
																					_t1888 =  *(_t1871 + 0xc8);
																					_t360 = _t1888 + 8;
																					 *_t360 =  *(_t1888 + 8) + 0xffffffff;
																					__eflags =  *_t360;
																					if( *_t360 != 0) {
																						L151:
																						_v53 = 0;
																						goto L152;
																					}
																					 *(_t1888 + 0xc) = 0;
																					_t1546 = _t1546 | 0xffffffff;
																					asm("lock cmpxchg [edx], ecx");
																					_t1750 = 0xfffffffe;
																					_v104 = 0xfffffffe;
																					__eflags = 0xfffffffe - 0xfffffffe;
																					if(0xfffffffe != 0xfffffffe) {
																						__eflags =  *(_t1888 + 4) & 0x00000001;
																						if(__eflags != 0) {
																							_push(_t1888);
																							E0111FF10(_t1518, 0xfffffffe, _t1871, _t1888, __eflags);
																							_t1750 = _v104;
																						}
																						while(1) {
																							__eflags = _t1750 & 0x00000002;
																							if((_t1750 & 0x00000002) == 0) {
																								_t1179 = 1;
																							} else {
																								_t1179 = 3;
																							}
																							_v88 = _t1179;
																							_t1546 = _t1179 + _t1750;
																							_t1180 = _t1750;
																							asm("lock cmpxchg [edx], ecx");
																							__eflags = _t1180 - _v104;
																							if(_t1180 == _v104) {
																								break;
																							}
																							_t1750 = _t1180;
																							_v104 = _t1750;
																						}
																						__eflags = _v88 & 0x00000002;
																						if((_v88 & 0x00000002) != 0) {
																							E01084DC0(_t1546, _t1888);
																						}
																					}
																					goto L151;
																				}
																				 *(_t1871 + 0x21c) =  *(_t1871 + 0x21c) + 1;
																				_t1546 =  *(_t1871 + 0x224);
																				__eflags =  *(_t1871 + 0x21c) - _t1546;
																				if( *(_t1871 + 0x21c) > _t1546) {
																					 *(_t1871 + 0x21c) = 0;
																					_t1753 =  *((intOrPtr*)(_t1871 + 0x1e8)) - ( *(_t1871 + 0x74) << 3);
																					__eflags = _t1753 -  *((intOrPtr*)(_t1871 + 0x238));
																					if(_t1753 >  *((intOrPtr*)(_t1871 + 0x238))) {
																						 *((intOrPtr*)(_t1871 + 0x238)) = _t1753;
																					}
																					 *((intOrPtr*)(_t1871 + 0x23c)) = _t1753;
																				}
																				 *(_t1871 + 0x228) =  *(_t1871 + 0x228) + 1;
																				__eflags =  *(_t1871 + 0x228) - 0x1000;
																				if( *(_t1871 + 0x228) >= 0x1000) {
																					__eflags =  *((char*)(_t1871 + 0xda)) - 2;
																					if( *((char*)(_t1871 + 0xda)) != 2) {
																						L364:
																						_t1182 = 0x10;
																						L360:
																						__eflags =  *(_t1871 + 0x220) - _t1182;
																						if( *(_t1871 + 0x220) > _t1182) {
																							__eflags = _t1546 - 0x10000;
																							if(_t1546 < 0x10000) {
																								 *(_t1871 + 0x224) = _t1546 + _t1546;
																							}
																						}
																						 *(_t1871 + 0x220) = 0;
																						 *(_t1871 + 0x228) = 0;
																						goto L149;
																					}
																					__eflags =  *((intOrPtr*)(_t1871 + 0x22c)) - 0x10;
																					if( *((intOrPtr*)(_t1871 + 0x22c)) <= 0x10) {
																						goto L364;
																					}
																					_t1182 = 0x100;
																					goto L360;
																				} else {
																					goto L149;
																				}
																			}
																		}
																	} else {
																		__eflags = _t1885 - 1;
																		if(_t1885 == 1) {
																			 *_t1518 =  *_t1518 + 1;
																			_t1192 = _a8 - _t1743 + 8;
																			_v68 = _t1192;
																			__eflags = _t1192 - 0x3f;
																			if(_t1192 >= 0x3f) {
																				 *(_t1518 + 4 + _t1571 * 8) = _t1192;
																				 *(_t1518 + 7) = 0x3f;
																			} else {
																				 *(_t1518 + 7) = _t1192;
																			}
																			goto L137;
																		}
																		__eflags = _v104;
																		if(_v104 == 0) {
																			_t1754 = 1;
																		} else {
																			_t1754 = 0;
																			__eflags = 0;
																		}
																		_v116 = _t1754;
																		_t1193 =  *((intOrPtr*)(_t1518 + 6));
																		__eflags = _t1193;
																		if(_t1193 != 0) {
																			_t1576 = (1 - (_t1193 & 0x000000ff) << 0x10) + (_t1518 & 0xffff0000);
																			_v48 = 1;
																		} else {
																			_t1576 = _t1871;
																			_v48 = _t1871;
																		}
																		_v248 = _t1576;
																		_v32 = _t1885;
																		_t1518 = _t1518 + _v52 * 8;
																		_v88 = 0;
																		 *(_t1518 + 2) = _v71;
																		 *(_t1518 + 7) = 0;
																		 *(_t1518 + 4) =  *(_t1871 + 0x54) ^ _v52;
																		__eflags =  *((intOrPtr*)(_t1576 + 0x18)) - _v48;
																		if( *((intOrPtr*)(_t1576 + 0x18)) != _v48) {
																			_t1205 = (_t1518 - _v48 >> 0x10) + 1;
																			_v32 = _t1205;
																			_v108 = _t1205;
																			__eflags = _t1205 - 0xfe;
																			if(_t1205 >= 0xfe) {
																				_push(_t1576);
																				E0114A80D( *((intOrPtr*)(_t1576 + 0x18)), _t1518, _t1576, 0);
																				_t1754 = _v116;
																				_t1205 = _v32;
																			}
																		} else {
																			_t1205 = 0;
																			__eflags = 0;
																		}
																		_v110 = _t1205;
																		 *((char*)(_t1518 + 6)) = _t1205;
																		 *(_t1518 + 3) = 0;
																		 *_t1518 = _t1885;
																		while(1) {
																			_t1577 = _t1518 + _t1885 * 8;
																			_t1209 =  *(_t1871 + 0x4c) >> 0x00000014 &  *(_t1871 + 0x52) ^ _t1577[1];
																			__eflags = _t1209 & 0x00000001;
																			if((_t1209 & 0x00000001) != 0) {
																				break;
																			}
																			__eflags =  *(_t1871 + 0x4c);
																			if( *(_t1871 + 0x4c) != 0) {
																				_t1760 =  *(_t1871 + 0x50) ^  *_t1577;
																				 *_t1577 = _t1760;
																				_t1599 = _t1760 >> 0x00000010 ^ _t1760 >> 0x00000008 ^ _t1760;
																				__eflags = _t1760 >> 0x18 - _t1599;
																				if(__eflags != 0) {
																					_push(_t1599);
																					E0113FA2B(_t1518, _t1871, _t1518 + _t1885 * 8, _t1871, _t1885, __eflags);
																				}
																				_t1577 = _t1518 + _t1885 * 8;
																			}
																			_t762 =  &(_t1577[4]); // 0x10a47f1
																			_t1755 = _t762;
																			_v32 = _t1755;
																			_v48 =  *_t1755;
																			_t765 =  &(_t1577[6]); // 0x18a164ff
																			_t1211 =  *_t765;
																			_v44 = _t1211;
																			_t1212 =  *_t1211;
																			_t768 = _v48 + 4; // 0x1475ffec
																			__eflags = _t1212 -  *_t768;
																			_t769 =  &(_t1577[4]); // 0x10a47f1
																			_t1757 = _t769;
																			if(_t1212 !=  *_t768) {
																				L523:
																				_push(_t1577);
																				_t998 = _v48 + 4; // 0x1475ffec
																				_t1546 = 0xd;
																				E0114A80D(_t1871, _t1757,  *_t998, _t1212);
																				goto L524;
																			} else {
																				__eflags = _t1212 - _t1757;
																				if(_t1212 != _t1757) {
																					goto L523;
																				}
																				 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1577 & 0x0000ffff);
																				_t1802 =  *(_t1871 + 0xb4);
																				__eflags = _t1802;
																				if(_t1802 == 0) {
																					L381:
																					_t1217 = _v48;
																					_t1803 = _v44;
																					 *_t1803 = _t1217;
																					 *((intOrPtr*)(_t1217 + 4)) = _t1803;
																					__eflags = _t1577[1] & 0x00000008;
																					if((_t1577[1] & 0x00000008) != 0) {
																						_t1218 = E010AA229(_t1871, _t1577);
																						__eflags = _t1218;
																						if(_t1218 != 0) {
																							goto L382;
																						}
																						_t1546 = _t1871;
																						E010AA309(_t1871, _t1518 + _t1885 * 8,  *(_t1518 + _t1885 * 8) & 0x0000ffff, 1);
																						L524:
																						_v72 = 0;
																						__eflags = _v88;
																						if(_v88 != 0) {
																							_v112 = 0;
																							 *( *[fs:0x18] + 0xbf4) = 0xc000003c;
																							_t1890 =  *[fs:0x18];
																							_v340 = _t1890;
																							 *((intOrPtr*)(_t1890 + 0x34)) = E0108CCC0(0xc000003c);
																							goto L153;
																						}
																						_v88 = 1;
																						_t1754 = _v116;
																						continue;
																					}
																					L382:
																					_v72 = 1;
																					_t1579 = _v116;
																					_t1805 = _t1518 + _t1885 * 8;
																					__eflags = _t1579;
																					if(_t1579 != 0) {
																						_t1219 = _t1805[1];
																						_v111 = _t1219;
																						__eflags = _t1219 & 0x00000004;
																						if((_t1219 & 0x00000004) != 0) {
																							_t1589 = _t1518 + _t1885 * 8;
																							_t1253 = ( *(_t1518 + _t1885 * 8) & 0x0000ffff) * 8 - 0x10;
																							_v192 = _t1253;
																							__eflags = _v111 & 0x00000002;
																							if((_v111 & 0x00000002) != 0) {
																								__eflags = _t1253 - 4;
																								if(_t1253 > 4) {
																									_t1253 = _t1253 - 4;
																									__eflags = _t1253;
																									_v192 = _t1253;
																								}
																							}
																							_t1255 = E010DD540( &(_t1589[8]), _t1253, 0xfeeefeee);
																							_v32 = _t1255;
																							__eflags = _t1255 - _v192;
																							if(_t1255 == _v192) {
																								_t1805 = _t1518 + _t1885 * 8;
																							} else {
																								_t1590 =  *[fs:0x30];
																								__eflags =  *(_t1590 + 0xc);
																								if( *(_t1590 + 0xc) == 0) {
																									_push("HEAP: ");
																									E0108B150();
																									_t1940 = _t1937 + 4;
																								} else {
																									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
																									_t1940 = _t1937 + 8;
																								}
																								_push(_v32 + 0x10 + _t1518 + _t1885 * 8);
																								E0108B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t1518 + _t1885 * 8);
																								_t1937 = _t1940 + 0xc;
																								_t1261 =  *[fs:0x30];
																								_t1805 = _t1518 + _t1885 * 8;
																								__eflags =  *((char*)(_t1261 + 2));
																								if( *((char*)(_t1261 + 2)) != 0) {
																									 *0x1176378 = 1;
																									 *0x11760c0 = _t1805;
																									asm("int3");
																									 *0x1176378 = 0;
																								}
																							}
																							_t1579 = _v116;
																						}
																					}
																					 *(_t1518 + 2) = _t1805[1];
																					_t1807 = ( *_t1805 & 0x0000ffff) + _t1885;
																					_v32 = _t1807;
																					_t1221 = _t1807 & 0x0000ffff;
																					_v32 = _t1807 & 0x0000ffff;
																					__eflags = _t1807 - 0xfe00;
																					if(_t1807 > 0xfe00) {
																						E010AA830(_t1871, _t1518, _t1807);
																						goto L136;
																					} else {
																						 *_t1518 = _t1807;
																						_t1892 = _t1221;
																						 *(_t1518 + 4 + _t1807 * 8) =  *(_t1871 + 0x54) ^ _v32;
																						__eflags = _t1579;
																						if(_t1579 != 0) {
																							 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																							 *(_t1518 + 7) = 0;
																							__eflags =  *(_t1871 + 0x40) & 0x00000040;
																							if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																								_t969 = _t1518 + 0x10; // 0x10
																								E010DD5E0(_t969, _t1892 * 8 - 0x10, 0xfeeefeee);
																								_t970 = _t1518 + 2;
																								 *_t970 =  *(_t1518 + 2) | 0x00000004;
																								__eflags =  *_t970;
																							}
																							_t1227 = _t1871 + 0xc0;
																							__eflags =  *(_t1871 + 0xb4);
																							if( *(_t1871 + 0xb4) == 0) {
																								_t1581 =  *_t1227;
																							} else {
																								_t1581 = E010AE12C(_t1871, _t1892);
																								_t1227 = _t1871 + 0xc0;
																							}
																							while(1) {
																								__eflags = _t1227 - _t1581;
																								if(_t1227 == _t1581) {
																									break;
																								}
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) == 0) {
																									_t1811 =  *(_t1581 - 8);
																								} else {
																									_t1811 =  *(_t1581 - 8);
																									_v132 = _t1811;
																									__eflags =  *(_t1871 + 0x4c) & _t1811;
																									if(( *(_t1871 + 0x4c) & _t1811) != 0) {
																										_t1811 = _t1811 ^  *(_t1871 + 0x50);
																										_v132 = _t1811;
																									}
																								}
																								_v136 = _t1811;
																								__eflags = _t1892 - (_t1811 & 0x0000ffff);
																								if(_t1892 <= (_t1811 & 0x0000ffff)) {
																									break;
																								} else {
																									_t1581 =  *_t1581;
																									_t1227 = _t1871 + 0xc0;
																									continue;
																								}
																							}
																							_t986 = _t1518 + 8; // 0x8
																							_t1893 = _t986;
																							_t1228 =  *((intOrPtr*)(_t1581 + 4));
																							_t1809 =  *_t1228;
																							__eflags = _t1809 - _t1581;
																							if(_t1809 != _t1581) {
																								_push(_t1581);
																								__eflags = 0;
																								E0114A80D(0, _t1581, 0, _t1809);
																							} else {
																								 *_t1893 = _t1581;
																								 *((intOrPtr*)(_t1893 + 4)) = _t1228;
																								 *_t1228 = _t1893;
																								 *((intOrPtr*)(_t1581 + 4)) = _t1893;
																							}
																							 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																							_t1765 =  *(_t1871 + 0xb4);
																							__eflags = _t1765;
																							if(_t1765 == 0) {
																								L134:
																								__eflags =  *(_t1871 + 0x4c);
																								if( *(_t1871 + 0x4c) != 0) {
																									 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
																									__eflags =  *_t1518;
																								}
																								L136:
																								_v112 = 1;
																								_v71 = 0;
																								goto L137;
																							} else {
																								_t1583 =  *_t1518 & 0x0000ffff;
																								while(1) {
																									__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																									if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																										break;
																									}
																									_t1235 =  *_t1765;
																									__eflags = _t1235;
																									if(_t1235 != 0) {
																										_t1765 = _t1235;
																										continue;
																									}
																									_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																									__eflags = _t1236;
																									L520:
																									_v272 = _t1236;
																									L329:
																									E010AE4A0(_t1871, _t1765, 1, _t1893, _t1236, _t1583);
																									goto L134;
																								}
																								_t1236 = _t1583;
																								goto L520;
																							}
																						}
																						 *(_t1518 + 2) = _t1579;
																						 *(_t1518 + 7) = _t1579;
																						_t1244 = _t1871 + 0xc0;
																						__eflags =  *(_t1871 + 0xb4);
																						if( *(_t1871 + 0xb4) == 0) {
																							_t1586 =  *_t1244;
																						} else {
																							_t1586 = E010AE12C(_t1871, _t1892);
																							_t1244 = _t1871 + 0xc0;
																						}
																						while(1) {
																							__eflags = _t1244 - _t1586;
																							if(_t1244 == _t1586) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1813 =  *(_t1586 - 8);
																							} else {
																								_t1813 =  *(_t1586 - 8);
																								_v92 = _t1813;
																								__eflags =  *(_t1871 + 0x4c) & _t1813;
																								if(( *(_t1871 + 0x4c) & _t1813) != 0) {
																									_t1813 = _t1813 ^  *(_t1871 + 0x50);
																									_v92 = _t1813;
																								}
																							}
																							_v138 = _t1813;
																							__eflags = _t1892 - (_t1813 & 0x0000ffff);
																							if(_t1892 <= (_t1813 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1586 =  *_t1586;
																								_t1244 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t803 = _t1518 + 8; // 0x8
																						_t1893 = _t803;
																						_t1246 =  *((intOrPtr*)(_t1586 + 4));
																						_t1814 =  *_t1246;
																						__eflags = _t1814 - _t1586;
																						if(_t1814 != _t1586) {
																							_push(_t1586);
																							E0114A80D(0, _t1586, 0, _t1814);
																						} else {
																							 *_t1893 = _t1586;
																							 *((intOrPtr*)(_t1893 + 4)) = _t1246;
																							 *_t1246 = _t1893;
																							 *((intOrPtr*)(_t1586 + 4)) = _t1893;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1765 =  *(_t1871 + 0xb4);
																						__eflags = _t1765;
																						if(_t1765 == 0) {
																							goto L134;
																						} else {
																							_t1583 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																								if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																									break;
																								}
																								_t1249 =  *_t1765;
																								__eflags = _t1249;
																								if(_t1249 != 0) {
																									_t1765 = _t1249;
																									continue;
																								}
																								_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																								__eflags = _t1236;
																								L395:
																								_v268 = _t1236;
																								goto L329;
																							}
																							_t1236 = _t1583;
																							goto L395;
																						}
																					}
																				}
																				_t1594 =  *_t1577 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1594 -  *((intOrPtr*)(_t1802 + 4));
																					if(_t1594 <  *((intOrPtr*)(_t1802 + 4))) {
																						break;
																					}
																					_t1269 =  *_t1802;
																					__eflags = _t1269;
																					if(_t1269 != 0) {
																						_t1802 = _t1269;
																						continue;
																					}
																					_t1267 =  *((intOrPtr*)(_t1802 + 4)) - 1;
																					__eflags = _t1267;
																					L380:
																					_v264 = _t1267;
																					E010ABC04(_t1871, _t1802, 1, _v32, _t1267, _t1594);
																					_t1577 = _t1518 + _t1885 * 8;
																					goto L381;
																				}
																				_t1267 = _t1594;
																				goto L380;
																			}
																		}
																		_t1894 = _t1885 & 0x0000ffff;
																		_v48 = _t1894;
																		_t1577[2] =  *(_t1871 + 0x54) ^ _t1894;
																		__eflags = _t1754;
																		if(_t1754 != 0) {
																			 *(_t1518 + 2) =  *(_t1518 + 2) & 0x000000f0;
																			 *(_t1518 + 7) = 0;
																			__eflags =  *(_t1871 + 0x40) & 0x00000040;
																			if(( *(_t1871 + 0x40) & 0x00000040) != 0) {
																				_t911 = _t1518 + 0x10; // 0x10
																				E010DD5E0(_t911, _t1894 * 8 - 0x10, 0xfeeefeee);
																				 *(_t1518 + 2) =  *(_t1518 + 2) | 0x00000004;
																			}
																			_t1281 = _t1871 + 0xc0;
																			__eflags =  *(_t1871 + 0xb4);
																			if( *(_t1871 + 0xb4) == 0) {
																				_t1601 =  *_t1281;
																			} else {
																				_t1601 = E010AE12C(_t1871, _t1894);
																				_t1281 = _t1871 + 0xc0;
																			}
																			while(1) {
																				__eflags = _t1281 - _t1601;
																				if(_t1281 == _t1601) {
																					break;
																				}
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) == 0) {
																					_t1766 =  *(_t1601 - 8);
																				} else {
																					_t1766 =  *(_t1601 - 8);
																					_v156 = _t1766;
																					__eflags =  *(_t1871 + 0x4c) & _t1766;
																					if(( *(_t1871 + 0x4c) & _t1766) != 0) {
																						_t1766 = _t1766 ^  *(_t1871 + 0x50);
																						__eflags = _t1766;
																						_v156 = _t1766;
																					}
																				}
																				_v134 = _t1766;
																				__eflags = _t1894 - (_t1766 & 0x0000ffff);
																				if(_t1894 > (_t1766 & 0x0000ffff)) {
																					_t1601 =  *_t1601;
																					_t1281 = _t1871 + 0xc0;
																					continue;
																				} else {
																					break;
																				}
																			}
																			_t674 = _t1518 + 8; // 0x8
																			_t1893 = _t674;
																			_t1282 =  *((intOrPtr*)(_t1601 + 4));
																			_t1763 =  *_t1282;
																			__eflags = _t1763 - _t1601;
																			if(_t1763 != _t1601) {
																				_push(_t1601);
																				E0114A80D(0, _t1601, 0, _t1763);
																			} else {
																				 *_t1893 = _t1601;
																				 *((intOrPtr*)(_t1893 + 4)) = _t1282;
																				 *_t1282 = _t1893;
																				 *((intOrPtr*)(_t1601 + 4)) = _t1893;
																			}
																			 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																			_t1765 =  *(_t1871 + 0xb4);
																			__eflags = _t1765;
																			if(_t1765 == 0) {
																				goto L134;
																			} else {
																				_t1583 =  *_t1518 & 0x0000ffff;
																				while(1) {
																					__eflags = _t1583 -  *((intOrPtr*)(_t1765 + 4));
																					if(_t1583 <  *((intOrPtr*)(_t1765 + 4))) {
																						break;
																					}
																					_t1285 =  *_t1765;
																					__eflags = _t1285;
																					if(_t1285 == 0) {
																						_t1236 =  *((intOrPtr*)(_t1765 + 4)) - 1;
																						L328:
																						_v260 = _t1236;
																						goto L329;
																					}
																					_t1765 = _t1285;
																				}
																				_t1236 = _t1583;
																				goto L328;
																			}
																		}
																		 *(_t1518 + 2) = _t1754;
																		 *(_t1518 + 7) = _t1754;
																		_t1289 = _t1871 + 0xc0;
																		_t1604 =  *(_t1871 + 0xb4);
																		_v36 = _t1604;
																		__eflags = _t1604;
																		if(_t1604 == 0) {
																			_t1895 =  *_t1289;
																			goto L119;
																		} else {
																			while(1) {
																				_t1315 =  *((intOrPtr*)(_t1604 + 4));
																				__eflags = _t1894 - _t1315;
																				if(_t1894 < _t1315) {
																					_v172 = _t1894;
																					_t1316 = _t1894;
																					break;
																				}
																				_t1784 =  *_t1604;
																				__eflags = _t1784;
																				if(_t1784 == 0) {
																					_t1316 = _t1315 - 1;
																					__eflags = _t1316;
																					L201:
																					_v172 = _t1316;
																					break;
																				} else {
																					_t1604 = _t1784;
																					_v36 = _t1604;
																					continue;
																				}
																			}
																			_v64 = _t1316;
																			_v52 = _t1316 -  *(_t1604 + 0x14);
																			_t1785 =  *(_t1604 + 0x18);
																			_v40 = _t1785;
																			_t1318 =  *((intOrPtr*)(_t1785 + 4));
																			__eflags = _t1785 - _t1318;
																			if(_t1785 == _t1318) {
																				_t1895 = _t1785;
																			} else {
																				_t1319 = _t1318 + 0xfffffff8;
																				_v32 = _t1319;
																				_t1320 =  *_t1319;
																				_v412 = _t1320;
																				_t1617 = _t1320 & 0x0000ffff;
																				__eflags =  *(_t1871 + 0x4c);
																				if( *(_t1871 + 0x4c) != 0) {
																					_t1799 =  *(_t1871 + 0x50) ^ _t1320;
																					_v412 = _t1799;
																					_t1364 = _t1799 & 0x0000ffff;
																					_v44 = _t1364;
																					_v68 = _t1364 & 0x0000ffff;
																					_t1648 = _t1799 >> 0x00000010 ^ _t1799 >> 0x00000008 ^ _t1799;
																					__eflags = _t1799 >> 0x18 - _t1648;
																					if(_t1799 >> 0x18 != _t1648) {
																						_push(_t1648);
																						E0114A80D(_t1871, _v32, 0, 0);
																						_t1617 = _v44 & 0x0000ffff;
																					} else {
																						_t1617 = _v68;
																					}
																					_t1785 = _v40;
																				}
																				_t1619 = _v48 - (_t1617 & 0x0000ffff);
																				_v324 = _t1619;
																				__eflags = _t1619;
																				if(_t1619 > 0) {
																					_t1895 = _t1785;
																					L116:
																					_t1604 = _v36;
																				} else {
																					_t1323 =  *_t1785 + 0xfffffff8;
																					_v32 = _t1323;
																					_t1324 =  *_t1323;
																					_v420 = _t1324;
																					_t1620 = _t1324 & 0x0000ffff;
																					__eflags =  *(_t1871 + 0x4c);
																					if( *(_t1871 + 0x4c) != 0) {
																						_t1795 =  *(_t1871 + 0x50) ^ _t1324;
																						_v420 = _t1795;
																						_t1358 = _t1795 & 0x0000ffff;
																						_v44 = _t1358;
																						_v68 = _t1358 & 0x0000ffff;
																						_t1643 = _t1795 >> 0x00000010 ^ _t1795 >> 0x00000008 ^ _t1795;
																						__eflags = _t1795 >> 0x18 - _t1643;
																						if(_t1795 >> 0x18 != _t1643) {
																							_push(_t1643);
																							E0114A80D(_t1871, _v32, 0, 0);
																							_t1620 = _v44 & 0x0000ffff;
																						} else {
																							_t1620 = _v68;
																						}
																						_t1785 = _v40;
																					}
																					_t1622 = _v48 - (_t1620 & 0x0000ffff);
																					_v328 = _t1622;
																					__eflags = _t1622;
																					_t1604 = _v36;
																					if(_t1622 <= 0) {
																						_t1895 =  *_t1785;
																						L117:
																						__eflags = _t1895;
																						if(_t1895 == 0) {
																							L211:
																							_t1604 =  *_t1604;
																							_v36 = _t1604;
																							_t1316 =  *(_t1604 + 0x14);
																							goto L201;
																						}
																						_t1289 = _t1871 + 0xc0;
																						L119:
																						_t1605 = _v48;
																						while(1) {
																							__eflags = _t1289 - _t1895;
																							if(_t1289 == _t1895) {
																								break;
																							}
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) == 0) {
																								_t1768 =  *(_t1895 - 8);
																							} else {
																								_t1768 =  *(_t1895 - 8);
																								_v164 = _t1768;
																								__eflags =  *(_t1871 + 0x4c) & _t1768;
																								if(( *(_t1871 + 0x4c) & _t1768) != 0) {
																									_t1768 = _t1768 ^  *(_t1871 + 0x50);
																									__eflags = _t1768;
																									_v164 = _t1768;
																								}
																							}
																							_v166 = _t1768;
																							__eflags = _t1605 - (_t1768 & 0x0000ffff);
																							if(_t1605 <= (_t1768 & 0x0000ffff)) {
																								break;
																							} else {
																								_t1895 =  *_t1895;
																								_t1289 = _t1871 + 0xc0;
																								continue;
																							}
																						}
																						_t283 = _t1518 + 8; // 0x8
																						_t1291 = _t283;
																						_t1606 =  *(_t1895 + 4);
																						_t1769 =  *_t1606;
																						__eflags = _t1769 - _t1895;
																						if(_t1769 != _t1895) {
																							_push(_t1606);
																							E0114A80D(0, _t1895, 0, _t1769);
																						} else {
																							 *_t1291 = _t1895;
																							_t1291[1] = _t1606;
																							 *_t1606 = _t1291;
																							 *(_t1895 + 4) = _t1291;
																						}
																						 *(_t1871 + 0x74) =  *(_t1871 + 0x74) + ( *_t1518 & 0x0000ffff);
																						_t1608 =  *(_t1871 + 0xb4);
																						_v48 = _t1608;
																						__eflags = _t1608;
																						if(_t1608 == 0) {
																							goto L134;
																						} else {
																							_t1896 =  *_t1518 & 0x0000ffff;
																							while(1) {
																								_t1294 =  *((intOrPtr*)(_t1608 + 4));
																								__eflags = _t1896 - _t1294;
																								if(_t1896 < _t1294) {
																									break;
																								}
																								_t1771 =  *_t1608;
																								__eflags = _t1771;
																								if(_t1771 == 0) {
																									_t1295 = _t1294 - 1;
																									_v256 = _t1295;
																									L127:
																									_v88 = _t1295;
																									_t1773 = _t1295 -  *((intOrPtr*)(_t1608 + 0x14));
																									_v40 = _t1773;
																									__eflags =  *(_t1608 + 8);
																									if( *(_t1608 + 8) != 0) {
																										_v36 = _t1773 + _t1773;
																									} else {
																										_v36 = _t1773;
																									}
																									 *((intOrPtr*)(_t1608 + 0xc)) =  *((intOrPtr*)(_t1608 + 0xc)) + 1;
																									_v128 =  *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4);
																									__eflags = _v88 -  *((intOrPtr*)(_t1608 + 4)) - 1;
																									_t1775 = _v40;
																									if(_v88 ==  *((intOrPtr*)(_t1608 + 4)) - 1) {
																										 *((intOrPtr*)(_t1608 + 0x10)) =  *((intOrPtr*)(_t1608 + 0x10)) + 1;
																									}
																									_t1301 = _v128;
																									__eflags = _t1301;
																									if(_t1301 != 0) {
																										_t1302 = _t1301 + 0xfffffff8;
																										_v32 = _t1302;
																										_t1303 =  *_t1302;
																										_v436 = _t1303;
																										_v64 = _t1303 & 0x0000ffff;
																										__eflags =  *(_t1871 + 0x4c);
																										_t1775 = _v40;
																										if( *(_t1871 + 0x4c) != 0) {
																											_t1781 =  *(_t1871 + 0x50) ^ _t1303;
																											_v436 = _t1781;
																											_t1309 = _t1781 & 0x0000ffff;
																											_v44 = _t1309;
																											_v64 = _t1309 & 0x0000ffff;
																											_t1614 = _t1781 >> 0x00000010 ^ _t1781 >> 0x00000008 ^ _t1781;
																											__eflags = _t1781 >> 0x18 - _t1614;
																											if(_t1781 >> 0x18 != _t1614) {
																												_push(_t1614);
																												E0114A80D(_t1871, _v32, 0, 0);
																												_v64 = _v44 & 0x0000ffff;
																											}
																											_t1775 = _v40;
																											_t1608 = _v48;
																										}
																										_t1897 = _t1896 - (_v64 & 0x0000ffff);
																										_v336 = _t1897;
																										__eflags = _t1897;
																										if(_t1897 <= 0) {
																											goto L131;
																										} else {
																											goto L132;
																										}
																									} else {
																										L131:
																										_t310 = _t1518 + 8; // 0x8
																										 *( *((intOrPtr*)(_t1608 + 0x20)) + _v36 * 4) = _t310;
																										L132:
																										__eflags = _v128;
																										if(_v128 == 0) {
																											_t1900 = _t1775 >> 5;
																											_v40 = _t1775 & 0x0000001f;
																											_t318 = _v48 + 0x1c; // 0xffffbba0
																											_t1308 =  *_t318;
																											_t319 = _t1308 + _t1900 * 4;
																											 *_t319 =  *(_t1308 + _t1900 * 4) | 0x00000001 << _v40;
																											__eflags =  *_t319;
																										}
																										goto L134;
																									}
																								}
																								_t1608 = _t1771;
																								_v48 = _t1608;
																							}
																							_v256 = _t1896;
																							_t1295 = _t1896;
																							goto L127;
																						}
																					}
																					__eflags =  *_t1604;
																					if( *_t1604 == 0) {
																						__eflags = _v64 -  *((intOrPtr*)(_t1604 + 4)) - 1;
																						if(_v64 !=  *((intOrPtr*)(_t1604 + 4)) - 1) {
																							goto L107;
																						}
																						__eflags =  *(_t1604 + 8);
																						if( *(_t1604 + 8) != 0) {
																							_v52 = _v52 + _v52;
																						}
																						_t1347 =  *((intOrPtr*)( *((intOrPtr*)(_t1604 + 0x20)) + _v52 * 4));
																						while(1) {
																							_v64 = _t1347;
																							__eflags = _t1785 - _t1347;
																							if(_t1785 == _t1347) {
																								goto L116;
																							}
																							_t1348 = _t1347 + 0xfffffff8;
																							_v32 = _t1348;
																							_t1349 =  *_t1348;
																							_v428 = _t1349;
																							_t1632 = _t1349 & 0x0000ffff;
																							__eflags =  *(_t1871 + 0x4c);
																							if( *(_t1871 + 0x4c) != 0) {
																								_t1791 =  *(_t1871 + 0x50) ^ _t1349;
																								_v428 = _t1791;
																								_t1352 = _t1791 & 0x0000ffff;
																								_v44 = _t1352;
																								_v68 = _t1352 & 0x0000ffff;
																								_t1638 = _t1791 >> 0x00000010 ^ _t1791 >> 0x00000008 ^ _t1791;
																								__eflags = _t1791 >> 0x18 - _t1638;
																								if(_t1791 >> 0x18 != _t1638) {
																									_push(_t1638);
																									E0114A80D(_t1871, _v32, 0, 0);
																									_t1632 = _v44 & 0x0000ffff;
																								} else {
																									_t1632 = _v68;
																								}
																								_t1785 = _v40;
																							}
																							_t1634 = _v48 - (_t1632 & 0x0000ffff);
																							_v332 = _t1634;
																							__eflags = _t1634;
																							if(_t1634 > 0) {
																								_t1347 =  *_v64;
																								continue;
																							} else {
																								_t1895 = _v64;
																								_t1604 = _v36;
																								goto L117;
																							}
																						}
																						goto L116;
																					}
																					L107:
																					_t1787 = _v52 >> 5;
																					_v44 = ( *((intOrPtr*)(_t1604 + 4)) -  *(_t1604 + 0x14) >> 5) - 1;
																					_t1333 =  *((intOrPtr*)(_t1604 + 0x1c)) + _t1787 * 4;
																					_v32 = 1;
																					_t1628 =  !((1 << (_v52 & 0x0000001f)) - 1) &  *_t1333;
																					__eflags = _t1628;
																					_t1904 = _v44;
																					while(1) {
																						_v252 = _t1333;
																						_v188 = _t1787;
																						__eflags = _t1628;
																						if(_t1628 != 0) {
																							break;
																						}
																						__eflags = _t1787 - _t1904;
																						if(_t1787 > _t1904) {
																							__eflags = _t1628;
																							if(_t1628 != 0) {
																								break;
																							}
																							_t1604 = _v36;
																							goto L211;
																						} else {
																							_t1333 =  &(_t1333[1]);
																							_t1628 =  *_t1333;
																							_t1787 = _t1787 + 1;
																							continue;
																						}
																					}
																					__eflags = _t1628;
																					if(_t1628 == 0) {
																						_t1336 = _t1628 >> 0x00000010 & 0x000000ff;
																						__eflags = _t1336;
																						if(_t1336 != 0) {
																							_t1338 = ( *(_t1336 + 0x10684d0) & 0x000000ff) + 0x10;
																						} else {
																							_t424 = (_t1628 >> 0x18) + 0x10684d0; // 0x10008
																							_t1338 = ( *_t424 & 0x000000ff) + 0x18;
																						}
																					} else {
																						_t1341 = _t1628 & 0x000000ff;
																						__eflags = _t1628;
																						if(_t1628 == 0) {
																							_t1338 = ( *((_t1628 >> 0x00000008 & 0x000000ff) + 0x10684d0) & 0x000000ff) + 8;
																						} else {
																							_t1338 =  *(_t1341 + 0x10684d0) & 0x000000ff;
																						}
																					}
																					_t1789 = (_t1787 << 5) + _t1338;
																					_v188 = _t1789;
																					_t1604 = _v36;
																					__eflags =  *(_t1604 + 8);
																					if( *(_t1604 + 8) != 0) {
																						_t1789 = _t1789 + _t1789;
																					}
																					_t1895 =  *( *((intOrPtr*)(_t1604 + 0x20)) + _t1789 * 4);
																				}
																			}
																			goto L117;
																		}
																	}
																}
															}
															_t1654 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t550 = _t1740 + 4; // 0x0
																_t1384 =  *_t550;
																__eflags = _t1654 - _t1384;
																if(_t1654 < _t1384) {
																	break;
																}
																_t1906 =  *_t1740;
																_v44 = _t1906;
																__eflags = _t1906;
																_t1883 = _v32;
																if(_t1906 == 0) {
																	_t554 = _t1384 - 1; // -1
																	_t1654 = _t554;
																	break;
																}
																_t1740 = _v44;
															}
															_v240 = _t1654;
															_t556 = _t1518 + 8; // 0x8
															E010ABC04(_t1871, _t1740, 1, _t556, _t1654,  *_t1518 & 0x0000ffff);
															_t1567 = _v88;
															goto L258;
														}
														_t1518 = _t1882 - 8;
														_v100 = _t1518;
														__eflags =  *(_t1871 + 0x4c);
														if( *(_t1871 + 0x4c) != 0) {
															 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
															if(__eflags != 0) {
																_push(_t1564);
																E0113FA2B(_t1518, _t1871, _t1518, _t1871, _t1882, __eflags);
															}
														}
														_t1656 =  *_t1518 & 0x0000ffff;
														__eflags = _t1656 - _v52;
														if(_t1656 < _v52) {
															__eflags =  *(_t1871 + 0x4c);
															if( *(_t1871 + 0x4c) != 0) {
																 *(_t1518 + 3) =  *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518;
																 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
															}
															goto L248;
														}
														_t115 = _t1518 + 8; // 0x8
														_t1392 = _t115;
														_v44 = _t1392;
														_t1393 =  *_t1392;
														_v160 = _t1393;
														_t1820 =  *(_t1518 + 0xc);
														_v152 = _t1820;
														_t1821 =  *_t1820;
														_t1907 =  *((intOrPtr*)(_t1393 + 4));
														__eflags = _t1821 - _t1907;
														if(_t1821 != _t1907) {
															L440:
															_push(_t1656);
															_t858 = _t1518 + 8; // 0x8
															_t1546 = 0xd;
															_t1074 = E0114A80D(_t1871, _t858, _t1907, _t1821);
															_v70 = 0;
															goto L153;
														}
														_t121 = _t1518 + 8; // 0x8
														__eflags = _t1821 - _t121;
														if(_t1821 != _t121) {
															goto L440;
														}
														 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - _t1656;
														_t1657 =  *(_t1871 + 0xb4);
														_v36 = _t1657;
														__eflags = _t1657;
														if(_t1657 == 0) {
															L74:
															_t1396 = _v160;
															_t1658 = _v152;
															 *_t1658 = _t1396;
															 *(_t1396 + 4) = _t1658;
															__eflags =  *(_t1518 + 2) & 0x00000008;
															if(( *(_t1518 + 2) & 0x00000008) != 0) {
																_t1397 = E010AA229(_t1871, _t1518);
																__eflags = _t1397;
																if(_t1397 != 0) {
																	goto L75;
																}
																_t1546 = _t1871;
																_t1074 = E010AA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
																_v70 = 0;
																goto L153;
															}
															L75:
															_v70 = 1;
															goto L76;
														} else {
															_t1825 =  *_t1518 & 0x0000ffff;
															while(1) {
																_t1399 =  *((intOrPtr*)(_t1657 + 4));
																__eflags = _t1825 - _t1399;
																if(_t1825 < _t1399) {
																	break;
																}
																_t1908 =  *_t1657;
																__eflags = _t1908;
																if(_t1908 == 0) {
																	_t427 = _t1399 - 1; // -1
																	_t1825 = _t427;
																	break;
																} else {
																	_t1657 = _t1908;
																	_v36 = _t1657;
																	continue;
																}
															}
															_v232 = _t1825;
															_v108 =  *_t1518 & 0x0000ffff;
															_t1910 = _t1825 -  *((intOrPtr*)(_t1657 + 0x14));
															_v40 = _t1910;
															__eflags =  *(_t1657 + 8);
															if( *(_t1657 + 8) != 0) {
																_t1401 = _t1910 + _t1910;
															} else {
																_t1401 = _t1910;
															}
															_t1911 = _t1401 * 4;
															_v88 = _t1911;
															_t1403 =  *((intOrPtr*)(_t1657 + 0x20)) + _t1911;
															_v128 = _t1403;
															_v32 =  *_t1403;
															 *((intOrPtr*)(_t1657 + 0xc)) =  *((intOrPtr*)(_t1657 + 0xc)) - 1;
															_t1405 =  *((intOrPtr*)(_t1657 + 4));
															_t140 = _t1405 - 1; // -1
															_t1912 = _t140;
															_v68 = _t1912;
															__eflags = _t1825 - _t1912;
															if(_t1825 == _t1912) {
																 *((intOrPtr*)(_t1657 + 0x10)) =  *((intOrPtr*)(_t1657 + 0x10)) - 1;
															}
															__eflags = _v32 - _v44;
															if(_v32 != _v44) {
																goto L74;
															} else {
																_v236 = _t1405;
																__eflags =  *_t1657;
																if( *_t1657 == 0) {
																	_t1405 = _v68;
																	_v236 = _t1405;
																}
																_v48 =  *(_t1518 + 8);
																_v32 =  *((intOrPtr*)(_t1657 + 0x18));
																__eflags = _t1825 - _t1405;
																_t1916 = _v40;
																if(_t1825 >= _t1405) {
																	_t1406 = _v48;
																	_t1660 = _v128;
																	__eflags = _t1406 - _v32;
																	if(_t1406 != _v32) {
																		 *_t1660 = _t1406;
																		goto L74;
																	}
																	 *_t1660 = 0;
																	L73:
																	_t1917 = _t1916 >> 5;
																	_t1408 =  *((intOrPtr*)(_v36 + 0x1c));
																	_t172 = _t1408 + _t1917 * 4;
																	 *_t172 =  *(_t1408 + _t1917 * 4) &  !(1 << (_v40 & 0x0000001f));
																	__eflags =  *_t172;
																	goto L74;
																}
																_t1829 = _v48;
																__eflags = _t1829 -  *((intOrPtr*)(_t1657 + 0x18));
																if(_t1829 ==  *((intOrPtr*)(_t1657 + 0x18))) {
																	L72:
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = 0;
																	goto L73;
																}
																_t1410 = _t1829 - 8;
																_v32 = _t1410;
																_t1411 =  *_t1410;
																_v404 = _t1411;
																_t1527 = _t1411 & 0x0000ffff;
																__eflags =  *(_t1871 + 0x4c);
																if( *(_t1871 + 0x4c) != 0) {
																	_t1831 =  *(_t1871 + 0x50) ^ _t1411;
																	_v404 = _t1831;
																	_t1414 = _t1831 & 0x0000ffff;
																	_v44 = _t1414;
																	_t1527 = _t1414 & 0x0000ffff;
																	_t1668 = _t1831 >> 0x00000010 ^ _t1831 >> 0x00000008 ^ _t1831;
																	__eflags = _t1831 >> 0x18 - _t1668;
																	if(_t1831 >> 0x18 != _t1668) {
																		_push(_t1668);
																		E0114A80D(_t1871, _v32, 0, 0);
																		_t1527 = _v44 & 0x0000ffff;
																	}
																	_t1829 = _v48;
																	_t1657 = _v36;
																}
																_t1529 = _v108 - (_t1527 & 0x0000ffff);
																__eflags = _t1529;
																_v316 = _t1529;
																if(_t1529 == 0) {
																	 *(_v88 +  *((intOrPtr*)(_t1657 + 0x20))) = _t1829;
																	_t1518 = _v100;
																	goto L74;
																} else {
																	_t1518 = _v100;
																	goto L72;
																}
															}
														}
													}
												}
											}
											L311:
											_t1882 = _t1736;
											goto L49;
										}
									}
									_t1564 = _t1147;
									_v36 = _t1147;
								}
								goto L26;
							}
							_t1922 =  *_t1145;
							if(_t1922 != 0) {
								_t1518 = _t1922 - 8;
								_v100 = _t1518;
								__eflags =  *(_t1871 + 0x4c);
								if( *(_t1871 + 0x4c) != 0) {
									 *_t1518 =  *_t1518 ^  *(_t1871 + 0x50);
									__eflags =  *(_t1518 + 3) - ( *(_t1518 + 2) ^  *(_t1518 + 1) ^  *_t1518);
									if(__eflags != 0) {
										_push(_t1546);
										E0113FA2B(_t1518, _t1871, _t1518, _t1871, _t1922, __eflags);
									}
								}
								_t460 = _t1518 + 8; // 0xddeeddf6
								_t1459 = _t460;
								_v160 = _t1459;
								_t1707 =  *_t1459;
								_v44 = _t1707;
								_t1460 =  *(_t1518 + 0xc);
								_v32 = _t1460;
								_t1461 =  *_t1460;
								_t1708 =  *((intOrPtr*)(_t1707 + 4));
								__eflags = _t1461 - _t1708;
								if(_t1461 != _t1708) {
									L429:
									_push(_t1708);
									_t1546 = 0xd;
									E0114A80D(_t1871, _t1922, _t1708, _t1461);
									goto L430;
								} else {
									__eflags = _t1461 - _t1922;
									if(_t1461 != _t1922) {
										goto L429;
									}
									 *(_t1871 + 0x74) =  *(_t1871 + 0x74) - ( *_t1518 & 0x0000ffff);
									_t1709 =  *(_t1871 + 0xb4);
									_v36 = _t1709;
									__eflags = _t1709;
									if(_t1709 == 0) {
										L235:
										_t1465 = _v44;
										_t1710 = _v32;
										 *_t1710 = _t1465;
										 *(_t1465 + 4) = _t1710;
										__eflags =  *(_t1518 + 2) & 0x00000008;
										if(( *(_t1518 + 2) & 0x00000008) != 0) {
											_t1466 = E010AA229(_t1871, _t1518);
											__eflags = _t1466;
											if(_t1466 != 0) {
												goto L236;
											}
											_t1546 = _t1871;
											E010AA309(_t1871, _t1518,  *_t1518 & 0x0000ffff, 1);
											L430:
											_v69 = 0;
											 *( *[fs:0x18] + 0xbf4) = 0xc0000017;
											_t1923 =  *[fs:0x18];
											_v296 = _t1923;
											 *((intOrPtr*)(_t1923 + 0x34)) = E0108CCC0(0xc0000017);
											goto L153;
										}
										L236:
										_v69 = 1;
										goto L76;
									}
									_t1852 =  *_t1518 & 0x0000ffff;
									while(1) {
										_t1469 =  *((intOrPtr*)(_t1709 + 4));
										__eflags = _t1852 - _t1469;
										if(_t1852 < _t1469) {
											break;
										}
										_t1924 =  *_t1709;
										__eflags = _t1924;
										if(_t1924 == 0) {
											_t838 = _t1469 - 1; // -1
											_t1852 = _t838;
											break;
										}
										_t1709 = _t1924;
										_v36 = _t1709;
									}
									_v220 = _t1852;
									_v68 =  *_t1518 & 0x0000ffff;
									_t1926 = _t1852 -  *((intOrPtr*)(_t1709 + 0x14));
									_v40 = _t1926;
									__eflags =  *(_t1709 + 8);
									if( *(_t1709 + 8) != 0) {
										_t1471 = _t1926 + _t1926;
									} else {
										_t1471 = _t1926;
									}
									_t1927 = _t1471 * 4;
									_v128 = _t1927;
									_t1473 =  *((intOrPtr*)(_t1709 + 0x20)) + _t1927;
									_v88 = _t1473;
									_v152 =  *_t1473;
									 *((intOrPtr*)(_t1709 + 0xc)) =  *((intOrPtr*)(_t1709 + 0xc)) - 1;
									_t1475 =  *((intOrPtr*)(_t1709 + 4));
									_v48 = _t1475;
									_t485 = _t1475 - 1; // -1
									_t1928 = _t485;
									_v108 = _t1928;
									__eflags = _t1852 - _t1928;
									if(_t1852 == _t1928) {
										 *((intOrPtr*)(_t1709 + 0x10)) =  *((intOrPtr*)(_t1709 + 0x10)) - 1;
									}
									__eflags = _v152 - _v160;
									if(_v152 != _v160) {
										goto L235;
									} else {
										_v216 = _t1475;
										__eflags =  *_t1709;
										if( *_t1709 == 0) {
											_t1476 = _v108;
											_v48 = _t1476;
											_v216 = _t1476;
										}
										_t1477 =  *(_t1518 + 8);
										_v152 = _t1477;
										_v108 =  *((intOrPtr*)(_t1709 + 0x18));
										__eflags = _t1852 - _v48;
										_t1931 = _v40;
										if(_t1852 >= _v48) {
											_t1712 = _v88;
											__eflags = _t1477 - _v108;
											if(_t1477 == _v108) {
												 *_t1712 = 0;
												goto L234;
											}
											 *_t1712 = _t1477;
											goto L235;
										} else {
											__eflags = _t1477 -  *((intOrPtr*)(_t1709 + 0x18));
											if(_t1477 ==  *((intOrPtr*)(_t1709 + 0x18))) {
												L233:
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = 0;
												L234:
												_t1932 = _t1931 >> 5;
												_t1479 =  *((intOrPtr*)(_v36 + 0x1c));
												_t513 = _t1479 + _t1932 * 4;
												 *_t513 =  *(_t1479 + _t1932 * 4) &  !(1 << (_v40 & 0x0000001f));
												__eflags =  *_t513;
												goto L235;
											}
											_t1481 = _t1477 + 0xfffffff8;
											_v108 = _t1481;
											_t1482 =  *_t1481;
											_v372 = _t1482;
											_t1539 = _t1482 & 0x0000ffff;
											__eflags =  *(_t1871 + 0x4c);
											if( *(_t1871 + 0x4c) != 0) {
												_t1861 =  *(_t1871 + 0x50) ^ _t1482;
												_v372 = _t1861;
												_t1485 = _t1861 & 0x0000ffff;
												_v160 = _t1485;
												_t1539 = _t1485 & 0x0000ffff;
												_t1719 = _t1861 >> 0x00000010 ^ _t1861 >> 0x00000008 ^ _t1861;
												__eflags = _t1861 >> 0x18 - _t1719;
												if(_t1861 >> 0x18 != _t1719) {
													_push(_t1719);
													E0114A80D(_t1871, _v108, 0, 0);
													_t1539 = _v160 & 0x0000ffff;
												}
												_t1709 = _v36;
											}
											_t1858 = _v68 - (_t1539 & 0x0000ffff);
											__eflags = _t1858;
											_v292 = _t1858;
											if(_t1858 == 0) {
												 *(_v128 +  *((intOrPtr*)(_t1709 + 0x20))) = _v152;
												_t1518 = _v100;
												goto L235;
											} else {
												_t1518 = _v100;
												goto L233;
											}
										}
									}
								}
							}
							goto L23;
						}
						_t1496 = _a4;
						if(_t1518 >= ( *(_t1871 + 0xe0) & 0x0000ffff)) {
							__eflags = _t1496 -  *0x1175cb4; // 0x4000
							if(__eflags > 0) {
								goto L21;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) == 2) {
								__eflags =  *(_t1871 + 0xd4);
								if( *(_t1871 + 0xd4) != 0) {
									goto L21;
								}
							}
							__eflags =  *((char*)(_t1871 + 0xdb)) - 2;
							if( *((char*)(_t1871 + 0xdb)) == 2) {
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							}
							goto L21;
						}
						_t1952 = _t1496 -  *0x1175cb4; // 0x4000
						if(_t1952 > 0) {
							goto L21;
						}
						_t1723 = _t1871 + 0xe2 + (_t1518 >> 3);
						_v88 = _t1723;
						_t1546 = _t1518 & 7;
						_v128 = _t1546;
						if(( *_t1723 & 0x00000001 << _t1546) != 0) {
							L20:
							_t1729 = _v52;
							goto L21;
						}
						_t1933 =  *((intOrPtr*)(_t1871 + 0xdc)) + _t1518 * 2;
						_v288 = _t1933;
						 *_t1933 =  *_t1933 + 0x21;
						_t1546 =  *_t1933;
						if(_v180 != 0) {
							L275:
							_t1504 = _a4;
							__eflags = _t1504;
							if(_t1504 == 0) {
								_t1866 = 1;
							} else {
								_t1866 = _t1504;
							}
							__eflags =  *((char*)(_t1871 + 0xda)) - 2;
							if( *((char*)(_t1871 + 0xda)) != 2) {
								_t1724 = 0;
							} else {
								_t1724 =  *(_t1871 + 0xd4);
							}
							_t1506 = E010BF4A7(_t1724, _t1866) & 0x0000ffff;
							_t1546 = 0xffff;
							__eflags = _t1506 - 0xffff;
							if(_t1506 == 0xffff) {
								__eflags =  *((char*)(_t1871 + 0xda)) - 2;
								if( *((char*)(_t1871 + 0xda)) == 2) {
									__eflags =  *(_t1871 + 0xd4);
									if( *(_t1871 + 0xd4) != 0) {
										goto L20;
									}
								}
								 *(_t1871 + 0x48) =  *(_t1871 + 0x48) | 0x20000000;
							} else {
								 *_t1933 = _t1506;
								_t1546 = _v88;
								asm("bts eax, edx");
								 *_t1546 =  *_t1546 & 0x000000ff;
								 *((intOrPtr*)(_t1871 + 0x22c)) =  *((intOrPtr*)(_t1871 + 0x22c)) + 1;
							}
							goto L20;
						}
						if((_t1546 & 0x0000001f) > 0x10 || _t1546 > 0xff00) {
							_v212 = 1;
							goto L275;
						} else {
							_v212 = 0;
							goto L20;
						}
					} else {
						_t1546 =  *(_t1871 + 0xc8);
						_t1868 =  *[fs:0x18];
						asm("lock btr dword [eax], 0x0");
						if(_t1946 >= 0) {
							_t1074 =  *(_t1546 + 0xc);
							__eflags =  *(_t1546 + 0xc) -  *(_t1868 + 0x24);
							if( *(_t1546 + 0xc) ==  *(_t1868 + 0x24)) {
								 *(_t1546 + 8) =  *(_t1546 + 8) + 1;
								goto L8;
							}
							_v176 = 0;
							__eflags =  *0x1177bc8;
							if( *0x1177bc8 != 0) {
								_v109 = 0;
								 *( *[fs:0x18] + 0xbf4) = 0xc0000194;
								_t1934 =  *[fs:0x18];
								_v284 = _t1934;
								 *((intOrPtr*)(_t1934 + 0x34)) = E0108CCC0(0xc0000194);
								L153:
								_v8 = 0xfffffffe;
								E010A6DF6(_t1074, _t1546, _t1871);
								_t1078 =  *( *[fs:0x30] + 0x50);
								__eflags = _t1078;
								if(_t1078 != 0) {
									__eflags =  *_t1078;
									if( *_t1078 == 0) {
										goto L154;
									}
									_t1079 =  *( *[fs:0x30] + 0x50) + 0x22e;
									L155:
									_t1877 = _v80;
									__eflags =  *_t1079;
									if( *_t1079 != 0) {
										__eflags = _t1877;
										if(_t1877 != 0) {
											_t1730 = _v60;
											__eflags = _t1730;
											if(_t1730 != 0) {
												E0113FEC0(_t1518, _t1871, _t1730 & 0xffff0000,  *((intOrPtr*)(_t1730 + 0x14)));
											}
										}
									}
									_t1073 = _t1877;
									L157:
									 *[fs:0x0] = _v20;
									return _t1073;
								}
								L154:
								_t1079 = 0x7ffe0388;
								goto L155;
							}
							_v180 = 1;
							E0109EEF0( *(_t1871 + 0xc8));
							_t1546 = _t1871;
							_t1074 = E010C4032(_t1546, 1);
							goto L9;
						} else {
							_t1074 =  *(_t1868 + 0x24);
							 *(_t1546 + 0xc) =  *(_t1868 + 0x24);
							 *(_t1546 + 8) = 1;
							L8:
							_v176 = 1;
							 *((intOrPtr*)(_t1871 + 0x204)) =  *((intOrPtr*)(_t1871 + 0x204)) + 1;
							L9:
							_v109 = 1;
							_v53 = 1;
							if(( *(_t1871 + 0x48) & 0x30000000) != 0) {
								_t1546 = _t1871;
								_t1074 = E010B5640(_t1518);
							}
							_t1729 = _v52;
							goto L11;
						}
					}
				}
			}





















































































































































































































































































































































































































                                      0x010a5600
                                      0x010a5600
                                      0x010a5605
                                      0x010a5607
                                      0x010a560c
                                      0x010a5617
                                      0x010a5618
                                      0x010a561f
                                      0x010a5621
                                      0x010a5626
                                      0x010a562b
                                      0x010a562f
                                      0x010a5635
                                      0x010a5638
                                      0x010a563a
                                      0x010a5640
                                      0x010a564a
                                      0x010a5651
                                      0x010a5655
                                      0x010a565c
                                      0x010a5663
                                      0x010a5670
                                      0x010a5679
                                      0x010a672c
                                      0x010a6736
                                      0x010a673c
                                      0x010a673f
                                      0x010a6744
                                      0x010eebaf
                                      0x00000000
                                      0x010eebaf
                                      0x010a674a
                                      0x010a6750
                                      0x010eebb6
                                      0x010eebbc
                                      0x00000000
                                      0x00000000
                                      0x010eebc3
                                      0x00000000
                                      0x010eebc3
                                      0x010a6756
                                      0x010a6756
                                      0x010a6758
                                      0x010eebcd
                                      0x010eebcd
                                      0x010a6766
                                      0x010a676c
                                      0x010a676f
                                      0x010eebd7
                                      0x010eebd7
                                      0x010a6775
                                      0x010a6778
                                      0x010a6783
                                      0x010a6786
                                      0x010a6789
                                      0x010a678e
                                      0x010eebe1
                                      0x010eebe8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a6794
                                      0x010a6794
                                      0x010a6794
                                      0x010a6797
                                      0x010a679a
                                      0x010a679a
                                      0x010a679d
                                      0x010a67a0
                                      0x010a67a0
                                      0x010a67a3
                                      0x00000000
                                      0x010a67a3
                                      0x010a568c
                                      0x010a568c
                                      0x010a568e
                                      0x010a5691
                                      0x010a5693
                                      0x010a5699
                                      0x010eeb9e
                                      0x010eeba2
                                      0x010eeba7
                                      0x010eeba7
                                      0x010a56a2
                                      0x010a56a8
                                      0x010a56ab
                                      0x010a56ad
                                      0x010a56b3
                                      0x010a64d1
                                      0x010a64d7
                                      0x010a64de
                                      0x010a64e1
                                      0x010a64e7
                                      0x010a64ea
                                      0x010a64ea
                                      0x010a64e1
                                      0x010a56b9
                                      0x010a56c0
                                      0x010a56c2
                                      0x010a5714
                                      0x010a5717
                                      0x010a69d8
                                      0x010a69dc
                                      0x010ef55f
                                      0x010a6be2
                                      0x010a6be2
                                      0x00000000
                                      0x010a6be2
                                      0x010a69e5
                                      0x010a69e8
                                      0x010a69eb
                                      0x010a69f8
                                      0x010a69fb
                                      0x010a6a01
                                      0x010a6a16
                                      0x010a6a1c
                                      0x010a6a21
                                      0x010a6a28
                                      0x010a6a2a
                                      0x010a6a30
                                      0x010a6a31
                                      0x010a6a3c
                                      0x010a6a3d
                                      0x010a6a45
                                      0x010a6a46
                                      0x010a6a48
                                      0x010a6a4d
                                      0x010a6a53
                                      0x010a6a55
                                      0x00000000
                                      0x00000000
                                      0x010a6a63
                                      0x010a6a66
                                      0x010a6a67
                                      0x010a6a6f
                                      0x010a6a70
                                      0x010a6a75
                                      0x010a6a76
                                      0x010a6a78
                                      0x010a6a7d
                                      0x010a6a83
                                      0x010a6a85
                                      0x010ef54d
                                      0x010ef554
                                      0x00000000
                                      0x010ef554
                                      0x010a6a94
                                      0x010a6aa1
                                      0x010a6aaa
                                      0x010a6ab6
                                      0x010a6abc
                                      0x010a6ac3
                                      0x010a6ac9
                                      0x010a6ace
                                      0x010a6ad0
                                      0x010ef40f
                                      0x010a6ad6
                                      0x010a6ad6
                                      0x010a6ad6
                                      0x010a6adb
                                      0x010a6ade
                                      0x010ef419
                                      0x010ef41f
                                      0x010ef426
                                      0x010ef431
                                      0x010ef436
                                      0x010ef436
                                      0x010ef426
                                      0x010a6ae4
                                      0x010a6ae9
                                      0x010a6aeb
                                      0x010ef449
                                      0x010a6af1
                                      0x010a6af1
                                      0x010a6af1
                                      0x010a6af6
                                      0x010a6af9
                                      0x010ef453
                                      0x010ef459
                                      0x010ef460
                                      0x010ef46b
                                      0x010ef46d
                                      0x010ef47f
                                      0x010ef46f
                                      0x010ef478
                                      0x010ef478
                                      0x010ef492
                                      0x010ef497
                                      0x010ef497
                                      0x010ef460
                                      0x010a6aff
                                      0x010a6b04
                                      0x010a6b06
                                      0x010ef4aa
                                      0x010a6b0c
                                      0x010a6b0c
                                      0x010a6b0c
                                      0x010a6b11
                                      0x010a6b14
                                      0x010ef4b9
                                      0x010ef4bb
                                      0x010ef4cd
                                      0x010ef4bd
                                      0x010ef4c6
                                      0x010ef4c6
                                      0x010ef4e0
                                      0x010ef4e5
                                      0x010ef4e5
                                      0x010a6b1a
                                      0x010a6b21
                                      0x010ef4f9
                                      0x010ef4fc
                                      0x010ef506
                                      0x010ef506
                                      0x010a6b2d
                                      0x010a6b30
                                      0x010a6b36
                                      0x010a6b3b
                                      0x010ef530
                                      0x010ef530
                                      0x010a6b41
                                      0x010a6b44
                                      0x010a6b48
                                      0x010a6b53
                                      0x010a6b59
                                      0x010a6b59
                                      0x010a6b59
                                      0x010a6b5c
                                      0x010a6b5c
                                      0x010a6b5f
                                      0x010a6b65
                                      0x010a6b68
                                      0x010a6b6a
                                      0x010a6b6c
                                      0x010ef539
                                      0x010ef540
                                      0x010ef543
                                      0x010a6b72
                                      0x010a6b72
                                      0x010a6b74
                                      0x010a6b77
                                      0x010a6b79
                                      0x010a6b79
                                      0x010a6b7f
                                      0x010a6b82
                                      0x00000000
                                      0x010a6b82
                                      0x010a571f
                                      0x010a57b0
                                      0x010a57b0
                                      0x010a57b5
                                      0x010a57c1
                                      0x010a57c7
                                      0x010a57cd
                                      0x010a57d3
                                      0x010a57e0
                                      0x010a57e0
                                      0x010a57e5
                                      0x010a57eb
                                      0x010a57eb
                                      0x010a57eb
                                      0x010a61b6
                                      0x010a61b8
                                      0x010a61ba
                                      0x010a6503
                                      0x010a57ed
                                      0x010a57ed
                                      0x010a57ed
                                      0x010a57f3
                                      0x010a57f6
                                      0x010a57f8
                                      0x010a57fb
                                      0x010a57fe
                                      0x010a5803
                                      0x00000000
                                      0x00000000
                                      0x010a5809
                                      0x010a580c
                                      0x010a580f
                                      0x010a5811
                                      0x010a5817
                                      0x010a581d
                                      0x010a5822
                                      0x010a5824
                                      0x010a582a
                                      0x010a582d
                                      0x010a5833
                                      0x010a5842
                                      0x010a5849
                                      0x010eed03
                                      0x010eed12
                                      0x010eed1a
                                      0x010a584f
                                      0x010a584f
                                      0x010a584f
                                      0x010a5852
                                      0x010a5852
                                      0x010a585b
                                      0x010a585d
                                      0x010a5865
                                      0x010a65de
                                      0x00000000
                                      0x010a586b
                                      0x010a586d
                                      0x010a5870
                                      0x010a5873
                                      0x010a5875
                                      0x010a587b
                                      0x010a5881
                                      0x010a5886
                                      0x010a5888
                                      0x010a588e
                                      0x010a5891
                                      0x010a5897
                                      0x010a58a6
                                      0x010a58ad
                                      0x010eed22
                                      0x010eed31
                                      0x010eed39
                                      0x010a58b3
                                      0x010a58b3
                                      0x010a58b3
                                      0x010a58b6
                                      0x010a58b6
                                      0x010a58bf
                                      0x010a58c1
                                      0x010a58c9
                                      0x010a58cc
                                      0x010a6300
                                      0x00000000
                                      0x010a58d2
                                      0x010a58d4
                                      0x010a58e8
                                      0x010a58f4
                                      0x010a58f8
                                      0x010a58fe
                                      0x010a590e
                                      0x010a5910
                                      0x010a5910
                                      0x010a5916
                                      0x010a591e
                                      0x00000000
                                      0x00000000
                                      0x010a5922
                                      0x010a605f
                                      0x010a6061
                                      0x00000000
                                      0x00000000
                                      0x010a6067
                                      0x00000000
                                      0x010a5928
                                      0x010a5928
                                      0x010a592b
                                      0x010a592d
                                      0x00000000
                                      0x010a592d
                                      0x010a5922
                                      0x010a5930
                                      0x010a5933
                                      0x010a6077
                                      0x010a607a
                                      0x010a607c
                                      0x010a61d7
                                      0x010a6082
                                      0x010a6082
                                      0x010a6082
                                      0x010a5939
                                      0x010a593e
                                      0x010a5941
                                      0x010a5943
                                      0x010a61e6
                                      0x010a5949
                                      0x010a594c
                                      0x010a5953
                                      0x010a5953
                                      0x010a5953
                                      0x010a5943
                                      0x010a5959
                                      0x010a595b
                                      0x010a5961
                                      0x010a5964
                                      0x010a5968
                                      0x010eed68
                                      0x010eed68
                                      0x010a5971
                                      0x00000000
                                      0x010a661c
                                      0x010a661c
                                      0x010a661f
                                      0x010eed41
                                      0x010eed41
                                      0x010a6628
                                      0x010a6630
                                      0x010a6630
                                      0x010a6632
                                      0x00000000
                                      0x00000000
                                      0x010a6638
                                      0x010a663b
                                      0x010a6641
                                      0x010a6644
                                      0x010a6647
                                      0x010a664c
                                      0x010a664e
                                      0x010a6654
                                      0x010a6657
                                      0x010a665d
                                      0x010a666c
                                      0x010a6671
                                      0x010a6673
                                      0x010eed48
                                      0x010eed58
                                      0x010eed60
                                      0x010a6679
                                      0x010a6679
                                      0x010a6679
                                      0x010a667c
                                      0x010a667c
                                      0x010a6685
                                      0x010a6687
                                      0x010a668d
                                      0x010a668f
                                      0x010a6711
                                      0x00000000
                                      0x010a6695
                                      0x010a6695
                                      0x00000000
                                      0x010a6695
                                      0x010a668f
                                      0x010a5974
                                      0x010a5974
                                      0x010a5977
                                      0x010a5977
                                      0x010a5979
                                      0x010a606a
                                      0x010a606a
                                      0x010a606c
                                      0x010a606f
                                      0x00000000
                                      0x010a606f
                                      0x010a597f
                                      0x010a5985
                                      0x010a598b
                                      0x010a653b
                                      0x010a653e
                                      0x010a6545
                                      0x010a6547
                                      0x010a654a
                                      0x010a654c
                                      0x010a6bd8
                                      0x00000000
                                      0x010a6bd8
                                      0x010a6552
                                      0x010a6552
                                      0x010a6555
                                      0x010a6557
                                      0x010a655a
                                      0x010a655d
                                      0x010a6560
                                      0x010a6562
                                      0x010a6565
                                      0x010a6568
                                      0x010a656a
                                      0x010a656d
                                      0x010ef3eb
                                      0x010ef3eb
                                      0x010ef3f3
                                      0x010ef3f8
                                      0x010ef3fd
                                      0x00000000
                                      0x010ef3fd
                                      0x010a6573
                                      0x010a6575
                                      0x00000000
                                      0x00000000
                                      0x010a657e
                                      0x010a6581
                                      0x010a6587
                                      0x010a6589
                                      0x010a65c6
                                      0x010a65c6
                                      0x010a65c8
                                      0x010a65cb
                                      0x010a65cf
                                      0x010eedfc
                                      0x010eee01
                                      0x010eee03
                                      0x00000000
                                      0x00000000
                                      0x010eee11
                                      0x010eee13
                                      0x010eee18
                                      0x00000000
                                      0x010eee18
                                      0x010a65d5
                                      0x010a65d5
                                      0x010a5b42
                                      0x010a5b42
                                      0x010a5b45
                                      0x010a5b48
                                      0x010a5b4c
                                      0x010a67ab
                                      0x010a67ae
                                      0x010eee24
                                      0x010eee2b
                                      0x010eee31
                                      0x010eee34
                                      0x010eee36
                                      0x010eee39
                                      0x010eee3b
                                      0x010eee3b
                                      0x010eee3e
                                      0x010eee3e
                                      0x010eee39
                                      0x010eee4a
                                      0x010eee4e
                                      0x010eee53
                                      0x010eee56
                                      0x010eee58
                                      0x010eee5e
                                      0x010eee65
                                      0x010eee69
                                      0x010eee8b
                                      0x010eee90
                                      0x010eee95
                                      0x010eee6b
                                      0x010eee81
                                      0x010eee86
                                      0x010eee86
                                      0x010eee98
                                      0x010eeea3
                                      0x010eeeaa
                                      0x010eeeaf
                                      0x010eeeb2
                                      0x010eeeb8
                                      0x010eeebc
                                      0x010eeedb
                                      0x010eeebe
                                      0x010eeebe
                                      0x010eeec5
                                      0x010eeec8
                                      0x010eeece
                                      0x010eeecf
                                      0x010eeecf
                                      0x010eeebc
                                      0x010eee58
                                      0x010a67ae
                                      0x010a5b52
                                      0x010a5b55
                                      0x010a5b59
                                      0x010eeee3
                                      0x010eeeeb
                                      0x010eeef0
                                      0x00000000
                                      0x010a5b5f
                                      0x010a5b62
                                      0x010a5b68
                                      0x010a5b6b
                                      0x010a5b6d
                                      0x010a5b73
                                      0x010a5b79
                                      0x010a5b7c
                                      0x010a5b7e
                                      0x010a5b81
                                      0x010a5b84
                                      0x010eeefa
                                      0x010eeefe
                                      0x010a5b8a
                                      0x010a5b8a
                                      0x010a5b8a
                                      0x010a5b8d
                                      0x010a5b91
                                      0x010a5b93
                                      0x010a5ed4
                                      0x010a5ed4
                                      0x010a5eda
                                      0x010a5ee0
                                      0x010a5ee7
                                      0x010a5ef2
                                      0x010a5ef4
                                      0x010ef311
                                      0x010a5efa
                                      0x010a5efa
                                      0x010a5efa
                                      0x010a5efa
                                      0x010a5efc
                                      0x010a5efe
                                      0x010a5f00
                                      0x010ef318
                                      0x010ef318
                                      0x010ef31b
                                      0x010ef31d
                                      0x010ef31d
                                      0x010a5f06
                                      0x010a5f0a
                                      0x010a67b9
                                      0x010a67bc
                                      0x010a67bf
                                      0x010a68b1
                                      0x010a68b5
                                      0x010a67d9
                                      0x010a67d9
                                      0x010a67dc
                                      0x010a67dc
                                      0x010a67e0
                                      0x010ef354
                                      0x010ef357
                                      0x010ef35e
                                      0x010ef369
                                      0x010ef369
                                      0x010a67e6
                                      0x010a67e9
                                      0x010a67ed
                                      0x010a67f1
                                      0x010ef3b7
                                      0x010ef3ba
                                      0x010ef3c0
                                      0x010ef3c5
                                      0x00000000
                                      0x00000000
                                      0x010ef3cd
                                      0x010ef3dc
                                      0x010ef3e3
                                      0x00000000
                                      0x010a67f7
                                      0x010a67f7
                                      0x010a67fe
                                      0x010a6800
                                      0x010a6808
                                      0x010a680a
                                      0x010a680d
                                      0x010a6814
                                      0x010ef372
                                      0x010ef37c
                                      0x010ef37f
                                      0x010ef37f
                                      0x010a6820
                                      0x010a6823
                                      0x010a6829
                                      0x010a682e
                                      0x010ef389
                                      0x010ef39d
                                      0x010ef3a2
                                      0x010ef3a8
                                      0x00000000
                                      0x010a6834
                                      0x010a6834
                                      0x010a6834
                                      0x010a6837
                                      0x010a6837
                                      0x010a683b
                                      0x010a6849
                                      0x010a684c
                                      0x010a684f
                                      0x010a684f
                                      0x00000000
                                      0x010a683b
                                      0x010a682e
                                      0x010a67f1
                                      0x010ef33b
                                      0x010ef347
                                      0x010ef34c
                                      0x00000000
                                      0x010ef34c
                                      0x010a67c5
                                      0x010a67ce
                                      0x010a67d6
                                      0x00000000
                                      0x010a5f10
                                      0x010a5f10
                                      0x010a5f14
                                      0x010a5f16
                                      0x010a5f21
                                      0x010a5f27
                                      0x010a5f27
                                      0x010a5f27
                                      0x010a5f29
                                      0x010a5f2d
                                      0x010a5fc4
                                      0x010a5fc4
                                      0x010a5fc7
                                      0x010a5fc9
                                      0x010a6109
                                      0x010a6112
                                      0x010a6117
                                      0x00000000
                                      0x010a5f33
                                      0x010a5f33
                                      0x010a5f3a
                                      0x010a5f90
                                      0x010a5f90
                                      0x010a5f96
                                      0x010a5f96
                                      0x010a5f96
                                      0x010a5f9a
                                      0x010a5fc0
                                      0x010a5fc0
                                      0x00000000
                                      0x010a5fc0
                                      0x010a5f9c
                                      0x010a5fa6
                                      0x010a5fae
                                      0x010a5fb2
                                      0x010a5fb4
                                      0x010a5fb7
                                      0x010a5fba
                                      0x010a6db9
                                      0x010a6dbd
                                      0x010ef328
                                      0x010ef329
                                      0x010ef32e
                                      0x010ef32e
                                      0x010a6dc3
                                      0x010a6dc3
                                      0x010a6dc6
                                      0x010a6e18
                                      0x010a6dc8
                                      0x010a6dc8
                                      0x010a6dc8
                                      0x010a6dcd
                                      0x010a6dd0
                                      0x010a6dd3
                                      0x010a6dd8
                                      0x010a6ddc
                                      0x010a6ddf
                                      0x00000000
                                      0x00000000
                                      0x010a6e1f
                                      0x010a6e21
                                      0x010a6e21
                                      0x010a6de1
                                      0x010a6de5
                                      0x010a6dec
                                      0x010a6dec
                                      0x010a6de5
                                      0x00000000
                                      0x010a5fba
                                      0x010a5f3c
                                      0x010a5f42
                                      0x010a5f48
                                      0x010a5f4e
                                      0x010a5f50
                                      0x010a5f66
                                      0x010a5f68
                                      0x010a5f6e
                                      0x010a625a
                                      0x010a625a
                                      0x010a5f74
                                      0x010a5f74
                                      0x010a5f7a
                                      0x010a5f80
                                      0x010a5f8a
                                      0x010a6ba0
                                      0x010a6ba7
                                      0x010a6bee
                                      0x010a6bee
                                      0x010a6bb7
                                      0x010a6bb7
                                      0x010a6bbd
                                      0x010a6c13
                                      0x010a6c19
                                      0x010a6c1e
                                      0x010a6c1e
                                      0x010a6c19
                                      0x010a6bbf
                                      0x010a6bc9
                                      0x00000000
                                      0x010a6bc9
                                      0x010a6ba9
                                      0x010a6bb0
                                      0x00000000
                                      0x00000000
                                      0x010a6bb2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a5f8a
                                      0x010a5f2d
                                      0x010a5b99
                                      0x010a5b99
                                      0x010a5b9c
                                      0x010a65fd
                                      0x010a6605
                                      0x010a6608
                                      0x010a660b
                                      0x010a660e
                                      0x010eef07
                                      0x010eef0b
                                      0x010a6614
                                      0x010a6614
                                      0x010a6614
                                      0x00000000
                                      0x010a660e
                                      0x010a5ba2
                                      0x010a5ba6
                                      0x010a69a2
                                      0x010a5bac
                                      0x010a5bac
                                      0x010a5bac
                                      0x010a5bac
                                      0x010a5bae
                                      0x010a5bb1
                                      0x010a5bb4
                                      0x010a5bb6
                                      0x010a60e0
                                      0x010a60e2
                                      0x010a5bbc
                                      0x010a5bbc
                                      0x010a5bbe
                                      0x010a5bbe
                                      0x010a5bc1
                                      0x010a5bc7
                                      0x010a5bcd
                                      0x010a5bd0
                                      0x010a5bda
                                      0x010a5bdd
                                      0x010a5be9
                                      0x010a5bf0
                                      0x010a5bf3
                                      0x010a60f2
                                      0x010a60f3
                                      0x010a60f6
                                      0x010a60f9
                                      0x010a60fe
                                      0x010eef14
                                      0x010eef21
                                      0x010eef26
                                      0x010eef29
                                      0x010eef29
                                      0x010a5bf9
                                      0x010a5bf9
                                      0x010a5bf9
                                      0x010a5bf9
                                      0x010a5bfb
                                      0x010a5bfe
                                      0x010a5c01
                                      0x010a5c05
                                      0x010a5c10
                                      0x010a5c10
                                      0x010a5c1c
                                      0x010a5c1f
                                      0x010a5c21
                                      0x00000000
                                      0x00000000
                                      0x010a6c26
                                      0x010a6c2a
                                      0x010a6c2f
                                      0x010a6c31
                                      0x010a6c3f
                                      0x010a6c44
                                      0x010a6c46
                                      0x010ef050
                                      0x010ef056
                                      0x010ef056
                                      0x010a6c4c
                                      0x010a6c4c
                                      0x010a6c4f
                                      0x010a6c4f
                                      0x010a6c52
                                      0x010a6c57
                                      0x010a6c5a
                                      0x010a6c5a
                                      0x010a6c5d
                                      0x010a6c60
                                      0x010a6c65
                                      0x010a6c65
                                      0x010a6c68
                                      0x010a6c68
                                      0x010a6c6b
                                      0x010ef2b0
                                      0x010ef2b0
                                      0x010ef2b5
                                      0x010ef2bb
                                      0x010ef2c0
                                      0x00000000
                                      0x010a6c71
                                      0x010a6c71
                                      0x010a6c73
                                      0x00000000
                                      0x00000000
                                      0x010a6c7c
                                      0x010a6c7f
                                      0x010a6c85
                                      0x010a6c87
                                      0x010a6cbe
                                      0x010a6cbe
                                      0x010a6cc1
                                      0x010a6cc4
                                      0x010a6cc6
                                      0x010a6cc9
                                      0x010a6ccd
                                      0x010ef06b
                                      0x010ef070
                                      0x010ef072
                                      0x00000000
                                      0x00000000
                                      0x010ef081
                                      0x010ef083
                                      0x010ef2c5
                                      0x010ef2c5
                                      0x010ef2c9
                                      0x010ef2cd
                                      0x010ef2de
                                      0x010ef2e8
                                      0x010ef2f2
                                      0x010ef2f9
                                      0x010ef309
                                      0x00000000
                                      0x010ef309
                                      0x010ef2cf
                                      0x010ef2d6
                                      0x00000000
                                      0x010ef2d6
                                      0x010a6cd3
                                      0x010a6cd3
                                      0x010a6cd7
                                      0x010a6cda
                                      0x010a6cdd
                                      0x010a6cdf
                                      0x010ef08d
                                      0x010ef090
                                      0x010ef093
                                      0x010ef095
                                      0x010ef09b
                                      0x010ef0a1
                                      0x010ef0a8
                                      0x010ef0ae
                                      0x010ef0b2
                                      0x010ef0b4
                                      0x010ef0b7
                                      0x010ef0b9
                                      0x010ef0b9
                                      0x010ef0bc
                                      0x010ef0bc
                                      0x010ef0b7
                                      0x010ef0cc
                                      0x010ef0d1
                                      0x010ef0d4
                                      0x010ef0da
                                      0x010ef156
                                      0x010ef0dc
                                      0x010ef0dc
                                      0x010ef0e3
                                      0x010ef0e7
                                      0x010ef109
                                      0x010ef10e
                                      0x010ef113
                                      0x010ef0e9
                                      0x010ef0ff
                                      0x010ef104
                                      0x010ef104
                                      0x010ef121
                                      0x010ef128
                                      0x010ef12d
                                      0x010ef130
                                      0x010ef136
                                      0x010ef139
                                      0x010ef13d
                                      0x010ef13f
                                      0x010ef146
                                      0x010ef14c
                                      0x010ef14d
                                      0x010ef14d
                                      0x010ef13d
                                      0x010ef159
                                      0x010ef159
                                      0x010ef095
                                      0x010a6ce8
                                      0x010a6cee
                                      0x010a6cf0
                                      0x010a6cf3
                                      0x010a6cf9
                                      0x010a6cfc
                                      0x010a6d02
                                      0x010ef2a6
                                      0x00000000
                                      0x010a6d08
                                      0x010a6d08
                                      0x010a6d0b
                                      0x010a6d15
                                      0x010a6d1a
                                      0x010a6d1c
                                      0x010ef1bd
                                      0x010ef1c0
                                      0x010ef1c4
                                      0x010ef1c8
                                      0x010ef1d7
                                      0x010ef1db
                                      0x010ef1e0
                                      0x010ef1e0
                                      0x010ef1e0
                                      0x010ef1e0
                                      0x010ef1e4
                                      0x010ef1ea
                                      0x010ef1f1
                                      0x010ef206
                                      0x010ef1f3
                                      0x010ef1fc
                                      0x010ef1fe
                                      0x010ef1fe
                                      0x010ef208
                                      0x010ef208
                                      0x010ef20a
                                      0x00000000
                                      0x00000000
                                      0x010ef20c
                                      0x010ef210
                                      0x010ef225
                                      0x010ef212
                                      0x010ef212
                                      0x010ef215
                                      0x010ef218
                                      0x010ef21b
                                      0x010ef21d
                                      0x010ef220
                                      0x010ef220
                                      0x010ef21b
                                      0x010ef229
                                      0x010ef233
                                      0x010ef235
                                      0x00000000
                                      0x010ef237
                                      0x010ef237
                                      0x010ef239
                                      0x00000000
                                      0x010ef239
                                      0x010ef235
                                      0x010ef241
                                      0x010ef241
                                      0x010ef244
                                      0x010ef247
                                      0x010ef249
                                      0x010ef24b
                                      0x010ef259
                                      0x010ef25e
                                      0x010ef263
                                      0x010ef24d
                                      0x010ef24d
                                      0x010ef24f
                                      0x010ef252
                                      0x010ef254
                                      0x010ef254
                                      0x010ef26b
                                      0x010ef26e
                                      0x010ef274
                                      0x010ef276
                                      0x010a5eb6
                                      0x010a5eb6
                                      0x010a5eba
                                      0x010a5ec4
                                      0x010a5eca
                                      0x010a5eca
                                      0x010a5eca
                                      0x010a5ecc
                                      0x010a5ecc
                                      0x010a5ed0
                                      0x00000000
                                      0x010ef27c
                                      0x010ef27c
                                      0x010ef27f
                                      0x010ef27f
                                      0x010ef282
                                      0x00000000
                                      0x00000000
                                      0x010ef288
                                      0x010ef28a
                                      0x010ef28c
                                      0x010ef29d
                                      0x00000000
                                      0x010ef29d
                                      0x010ef291
                                      0x010ef291
                                      0x010ef292
                                      0x010ef292
                                      0x010a6991
                                      0x010a6998
                                      0x00000000
                                      0x010a6998
                                      0x010ef284
                                      0x00000000
                                      0x010ef284
                                      0x010ef276
                                      0x010a6d22
                                      0x010a6d25
                                      0x010a6d28
                                      0x010a6d2e
                                      0x010a6d35
                                      0x010ef161
                                      0x010a6d3b
                                      0x010a6d44
                                      0x010a6d46
                                      0x010a6d46
                                      0x010a6d50
                                      0x010a6d50
                                      0x010a6d52
                                      0x00000000
                                      0x00000000
                                      0x010ef168
                                      0x010ef16c
                                      0x010ef181
                                      0x010ef16e
                                      0x010ef16e
                                      0x010ef171
                                      0x010ef174
                                      0x010ef177
                                      0x010ef179
                                      0x010ef17c
                                      0x010ef17c
                                      0x010ef177
                                      0x010ef185
                                      0x010ef18f
                                      0x010ef191
                                      0x00000000
                                      0x010ef197
                                      0x010ef197
                                      0x010ef199
                                      0x00000000
                                      0x010ef199
                                      0x010ef191
                                      0x010a6d58
                                      0x010a6d58
                                      0x010a6d5b
                                      0x010a6d5e
                                      0x010a6d60
                                      0x010a6d62
                                      0x010ef1a4
                                      0x010ef1ae
                                      0x010a6d68
                                      0x010a6d68
                                      0x010a6d6a
                                      0x010a6d6d
                                      0x010a6d6f
                                      0x010a6d6f
                                      0x010a6d75
                                      0x010a6d78
                                      0x010a6d7e
                                      0x010a6d80
                                      0x00000000
                                      0x010a6d86
                                      0x010a6d86
                                      0x010a6d90
                                      0x010a6d90
                                      0x010a6d93
                                      0x00000000
                                      0x00000000
                                      0x010a6d99
                                      0x010a6d9b
                                      0x010a6d9d
                                      0x010a6db5
                                      0x00000000
                                      0x010a6db5
                                      0x010a6da2
                                      0x010a6da2
                                      0x010a6da3
                                      0x010a6da3
                                      0x00000000
                                      0x010a6da3
                                      0x010a6e14
                                      0x00000000
                                      0x010a6e14
                                      0x010a6d80
                                      0x010a6d02
                                      0x010a6c89
                                      0x010a6c90
                                      0x010a6c90
                                      0x010a6c93
                                      0x00000000
                                      0x00000000
                                      0x010a6c99
                                      0x010a6c9b
                                      0x010a6c9d
                                      0x010a6dae
                                      0x00000000
                                      0x010a6dae
                                      0x010a6ca6
                                      0x010a6ca6
                                      0x010a6ca7
                                      0x010a6ca7
                                      0x010a6cb6
                                      0x010a6cbb
                                      0x00000000
                                      0x010a6cbb
                                      0x010ef060
                                      0x00000000
                                      0x010ef060
                                      0x010a6c6b
                                      0x010a5c27
                                      0x010a5c2a
                                      0x010a5c34
                                      0x010a5c38
                                      0x010a5c3a
                                      0x010a68de
                                      0x010a68e1
                                      0x010a68e5
                                      0x010a68e9
                                      0x010ef00d
                                      0x010ef011
                                      0x010ef016
                                      0x010ef016
                                      0x010a68ef
                                      0x010a68f5
                                      0x010a68fc
                                      0x010ef01f
                                      0x010a6902
                                      0x010a690b
                                      0x010a690d
                                      0x010a690d
                                      0x010a6913
                                      0x010a6913
                                      0x010a6915
                                      0x00000000
                                      0x00000000
                                      0x010a6917
                                      0x010a691b
                                      0x010ef026
                                      0x010a6921
                                      0x010a6921
                                      0x010a6924
                                      0x010a692a
                                      0x010a692d
                                      0x010a692f
                                      0x010a692f
                                      0x010a6932
                                      0x010a6932
                                      0x010a692d
                                      0x010a6938
                                      0x010a6942
                                      0x010a6944
                                      0x010ef02f
                                      0x010ef031
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a6944
                                      0x010a694a
                                      0x010a694a
                                      0x010a694d
                                      0x010a6950
                                      0x010a6952
                                      0x010a6954
                                      0x010ef03c
                                      0x010ef046
                                      0x010a695a
                                      0x010a695a
                                      0x010a695c
                                      0x010a695f
                                      0x010a6961
                                      0x010a6961
                                      0x010a6967
                                      0x010a696a
                                      0x010a6970
                                      0x010a6972
                                      0x00000000
                                      0x010a6978
                                      0x010a6978
                                      0x010a6980
                                      0x010a6980
                                      0x010a6983
                                      0x00000000
                                      0x00000000
                                      0x010a6b8a
                                      0x010a6b8c
                                      0x010a6b8e
                                      0x010a6b9a
                                      0x010a698b
                                      0x010a698b
                                      0x00000000
                                      0x010a698b
                                      0x010a6b90
                                      0x010a6b90
                                      0x010a6989
                                      0x00000000
                                      0x010a6989
                                      0x010a6972
                                      0x010a5c40
                                      0x010a5c43
                                      0x010a5c46
                                      0x010a5c4c
                                      0x010a5c52
                                      0x010a5c55
                                      0x010a5c57
                                      0x010eefa2
                                      0x00000000
                                      0x010a5c60
                                      0x010a5c60
                                      0x010a5c60
                                      0x010a5c63
                                      0x010a5c65
                                      0x010a5c6b
                                      0x010a5c71
                                      0x010a5c71
                                      0x010a5c71
                                      0x010a5dcb
                                      0x010a5dcd
                                      0x010a5dcf
                                      0x010a6242
                                      0x010a6242
                                      0x010a6243
                                      0x010a6243
                                      0x00000000
                                      0x010a5dd5
                                      0x010a5dd5
                                      0x010a5dd7
                                      0x00000000
                                      0x010a5dd7
                                      0x010a5dcf
                                      0x010a5c73
                                      0x010a5c79
                                      0x010a5c7e
                                      0x010a5c81
                                      0x010a5c84
                                      0x010a5c87
                                      0x010a5c89
                                      0x010a64c3
                                      0x010a5c8f
                                      0x010a5c8f
                                      0x010a5c92
                                      0x010a5c95
                                      0x010a5c97
                                      0x010a5c9d
                                      0x010a5ca0
                                      0x010a5ca3
                                      0x010a5ca8
                                      0x010a5caa
                                      0x010a5cb0
                                      0x010a5cb3
                                      0x010a5cb9
                                      0x010a5cc8
                                      0x010a5ccd
                                      0x010a5ccf
                                      0x010eef31
                                      0x010eef40
                                      0x010eef48
                                      0x010a5cd5
                                      0x010a5cd5
                                      0x010a5cd5
                                      0x010a5cd8
                                      0x010a5cd8
                                      0x010a5ce1
                                      0x010a5ce3
                                      0x010a5ce9
                                      0x010a5ceb
                                      0x010a5ddf
                                      0x010a5de1
                                      0x010a5de1
                                      0x010a5cf1
                                      0x010a5cf3
                                      0x010a5cf6
                                      0x010a5cf9
                                      0x010a5cfb
                                      0x010a5d01
                                      0x010a5d04
                                      0x010a5d07
                                      0x010a5d0c
                                      0x010a5d0e
                                      0x010a5d14
                                      0x010a5d17
                                      0x010a5d1d
                                      0x010a5d2c
                                      0x010a5d31
                                      0x010a5d33
                                      0x010eef50
                                      0x010eef5f
                                      0x010eef67
                                      0x010a5d39
                                      0x010a5d39
                                      0x010a5d39
                                      0x010a5d3c
                                      0x010a5d3c
                                      0x010a5d45
                                      0x010a5d47
                                      0x010a5d4d
                                      0x010a5d4f
                                      0x010a5d52
                                      0x010a64ca
                                      0x010a5de4
                                      0x010a5de4
                                      0x010a5de6
                                      0x010a62de
                                      0x010a62de
                                      0x010a62e0
                                      0x010a62e3
                                      0x00000000
                                      0x010a62e3
                                      0x010a5dec
                                      0x010a5df2
                                      0x010a5df2
                                      0x010a5df5
                                      0x010a5df5
                                      0x010a5df7
                                      0x00000000
                                      0x00000000
                                      0x010a6027
                                      0x010a602b
                                      0x010eefa9
                                      0x010a6031
                                      0x010a6031
                                      0x010a6034
                                      0x010a603a
                                      0x010a603d
                                      0x010a603f
                                      0x010a603f
                                      0x010a6042
                                      0x010a6042
                                      0x010a603d
                                      0x010a6048
                                      0x010a6052
                                      0x010a6054
                                      0x00000000
                                      0x010a605a
                                      0x010eefb2
                                      0x010eefb4
                                      0x00000000
                                      0x010eefb4
                                      0x010a6054
                                      0x010a5dfd
                                      0x010a5dfd
                                      0x010a5e00
                                      0x010a5e03
                                      0x010a5e05
                                      0x010a5e07
                                      0x010eefbf
                                      0x010eefc9
                                      0x010a5e0d
                                      0x010a5e0d
                                      0x010a5e0f
                                      0x010a5e12
                                      0x010a5e14
                                      0x010a5e14
                                      0x010a5e1a
                                      0x010a5e1d
                                      0x010a5e23
                                      0x010a5e26
                                      0x010a5e28
                                      0x00000000
                                      0x010a5e2e
                                      0x010a5e2e
                                      0x010a5e31
                                      0x010a5e31
                                      0x010a5e34
                                      0x010a5e36
                                      0x00000000
                                      0x00000000
                                      0x010a6013
                                      0x010a6015
                                      0x010a6017
                                      0x010a624e
                                      0x010a624f
                                      0x010a5e44
                                      0x010a5e44
                                      0x010a5e49
                                      0x010a5e4c
                                      0x010a5e4f
                                      0x010a5e53
                                      0x010eefd6
                                      0x010a5e59
                                      0x010a5e59
                                      0x010a5e59
                                      0x010a5e5c
                                      0x010a5e68
                                      0x010a5e6f
                                      0x010a5e72
                                      0x010a5e75
                                      0x010a623a
                                      0x010a623a
                                      0x010a5e7b
                                      0x010a5e7e
                                      0x010a5e80
                                      0x010a6265
                                      0x010a6268
                                      0x010a626b
                                      0x010a626d
                                      0x010a6276
                                      0x010a6279
                                      0x010a627d
                                      0x010a6280
                                      0x010a6285
                                      0x010a6287
                                      0x010a628d
                                      0x010a6290
                                      0x010a6296
                                      0x010a62a5
                                      0x010a62aa
                                      0x010a62ac
                                      0x010eefde
                                      0x010eefed
                                      0x010eeff8
                                      0x010eeff8
                                      0x010a62b2
                                      0x010a62b5
                                      0x010a62b5
                                      0x010a62be
                                      0x010a62c0
                                      0x010a62c6
                                      0x010a62c8
                                      0x00000000
                                      0x010a62ce
                                      0x00000000
                                      0x010a62ce
                                      0x010a5e86
                                      0x010a5e86
                                      0x010a5e89
                                      0x010a5e8f
                                      0x010a5e92
                                      0x010a5e92
                                      0x010a5e96
                                      0x010a5e9a
                                      0x010a5ea0
                                      0x010a5eb0
                                      0x010a5eb0
                                      0x010a5eb3
                                      0x010a5eb3
                                      0x010a5eb3
                                      0x010a5eb3
                                      0x00000000
                                      0x010a5e96
                                      0x010a5e80
                                      0x010a601d
                                      0x010a601f
                                      0x010a601f
                                      0x010a5e3c
                                      0x010a5e42
                                      0x00000000
                                      0x010a5e42
                                      0x010a5e28
                                      0x010a5d58
                                      0x010a5d5a
                                      0x010a6123
                                      0x010a6126
                                      0x00000000
                                      0x00000000
                                      0x010a612c
                                      0x010a612f
                                      0x010eef74
                                      0x010eef74
                                      0x010a613b
                                      0x010a613e
                                      0x010a613e
                                      0x010a6141
                                      0x010a6143
                                      0x00000000
                                      0x00000000
                                      0x010a6149
                                      0x010a614c
                                      0x010a614f
                                      0x010a6151
                                      0x010a6157
                                      0x010a615a
                                      0x010a615d
                                      0x010a6162
                                      0x010a6164
                                      0x010a616a
                                      0x010a616d
                                      0x010a6173
                                      0x010a6182
                                      0x010a6187
                                      0x010a6189
                                      0x010eef7c
                                      0x010eef8b
                                      0x010eef93
                                      0x010a618f
                                      0x010a618f
                                      0x010a618f
                                      0x010a6192
                                      0x010a6192
                                      0x010a619b
                                      0x010a619d
                                      0x010a61a3
                                      0x010a61a5
                                      0x010a68d2
                                      0x00000000
                                      0x010a61ab
                                      0x010a61ab
                                      0x010a61ae
                                      0x00000000
                                      0x010a61ae
                                      0x010a61a5
                                      0x00000000
                                      0x010a613e
                                      0x010a5d60
                                      0x010a5d63
                                      0x010a5d70
                                      0x010a5d76
                                      0x010a5d86
                                      0x010a5d8e
                                      0x010a5d8e
                                      0x010a5d90
                                      0x010a5d93
                                      0x010a5d93
                                      0x010a5d99
                                      0x010a5d9f
                                      0x010a5da1
                                      0x00000000
                                      0x00000000
                                      0x010a5da7
                                      0x010a5da9
                                      0x010a62d3
                                      0x010a62d5
                                      0x00000000
                                      0x00000000
                                      0x010a62db
                                      0x00000000
                                      0x010a5daf
                                      0x010a5daf
                                      0x010a5db2
                                      0x010a5db4
                                      0x00000000
                                      0x010a5db4
                                      0x010a5da9
                                      0x010a608e
                                      0x010a6091
                                      0x010a61f3
                                      0x010a61f6
                                      0x010a61f8
                                      0x010a64bb
                                      0x010a61fe
                                      0x010a6201
                                      0x010a6208
                                      0x010a6208
                                      0x010a6097
                                      0x010a6097
                                      0x010a609a
                                      0x010a609c
                                      0x010a62f8
                                      0x010a60a2
                                      0x010a60a2
                                      0x010a60a2
                                      0x010a609c
                                      0x010a60ac
                                      0x010a60ae
                                      0x010a60b4
                                      0x010a60b7
                                      0x010a60bb
                                      0x010eef9b
                                      0x010eef9b
                                      0x010a60c4
                                      0x010a60c4
                                      0x010a5ceb
                                      0x00000000
                                      0x010a5c89
                                      0x010a5c57
                                      0x010a5b93
                                      0x010a5b59
                                      0x010a658b
                                      0x010a6590
                                      0x010a6590
                                      0x010a6590
                                      0x010a6593
                                      0x010a6595
                                      0x00000000
                                      0x00000000
                                      0x010a6597
                                      0x010a6599
                                      0x010a659c
                                      0x010a659e
                                      0x010a65a1
                                      0x010a65a8
                                      0x010a65a8
                                      0x00000000
                                      0x010a65a8
                                      0x010a65a3
                                      0x010a65a3
                                      0x010a65ab
                                      0x010a65b6
                                      0x010a65be
                                      0x010a65c3
                                      0x00000000
                                      0x010a65c3
                                      0x010a5991
                                      0x010a5994
                                      0x010a5997
                                      0x010a599b
                                      0x010a59a0
                                      0x010a59aa
                                      0x010a59ad
                                      0x010eed6f
                                      0x010eed74
                                      0x010eed74
                                      0x010a59ad
                                      0x010a59b3
                                      0x010a59b6
                                      0x010a59b9
                                      0x010eedd9
                                      0x010eeddd
                                      0x010eedeb
                                      0x010eedf1
                                      0x010eedf1
                                      0x00000000
                                      0x010eeddd
                                      0x010a59bf
                                      0x010a59bf
                                      0x010a59c2
                                      0x010a59c5
                                      0x010a59c7
                                      0x010a59cd
                                      0x010a59d0
                                      0x010a59d6
                                      0x010a59d8
                                      0x010a59db
                                      0x010a59dd
                                      0x010eedbd
                                      0x010eedbd
                                      0x010eedc0
                                      0x010eedc6
                                      0x010eedcb
                                      0x010eedd0
                                      0x00000000
                                      0x010eedd0
                                      0x010a59e3
                                      0x010a59e6
                                      0x010a59e8
                                      0x00000000
                                      0x00000000
                                      0x010a59ee
                                      0x010a59f1
                                      0x010a59f7
                                      0x010a59fa
                                      0x010a59fc
                                      0x010a5b23
                                      0x010a5b23
                                      0x010a5b29
                                      0x010a5b2f
                                      0x010a5b31
                                      0x010a5b34
                                      0x010a5b38
                                      0x010a689f
                                      0x010a68a4
                                      0x010a68a6
                                      0x00000000
                                      0x00000000
                                      0x010eedad
                                      0x010eedaf
                                      0x010eedb4
                                      0x00000000
                                      0x010eedb4
                                      0x010a5b3e
                                      0x010a5b3e
                                      0x00000000
                                      0x010a5a02
                                      0x010a5a02
                                      0x010a5a05
                                      0x010a5a05
                                      0x010a5a08
                                      0x010a5a0a
                                      0x00000000
                                      0x00000000
                                      0x010a5db7
                                      0x010a5db9
                                      0x010a5dbb
                                      0x010a6218
                                      0x010a6218
                                      0x00000000
                                      0x010a5dc1
                                      0x010a5dc1
                                      0x010a5dc3
                                      0x00000000
                                      0x010a5dc3
                                      0x010a5dbb
                                      0x010a5a10
                                      0x010a5a19
                                      0x010a5a1e
                                      0x010a5a21
                                      0x010a5a24
                                      0x010a5a28
                                      0x010eed7e
                                      0x010a5a2e
                                      0x010a5a2e
                                      0x010a5a2e
                                      0x010a5a30
                                      0x010a5a37
                                      0x010a5a3d
                                      0x010a5a3f
                                      0x010a5a44
                                      0x010a5a47
                                      0x010a5a4a
                                      0x010a5a4d
                                      0x010a5a4d
                                      0x010a5a50
                                      0x010a5a53
                                      0x010a5a55
                                      0x010a6210
                                      0x010a6210
                                      0x010a5a5e
                                      0x010a5a61
                                      0x00000000
                                      0x010a5a67
                                      0x010a5a67
                                      0x010a5a6d
                                      0x010a5a70
                                      0x010a5a72
                                      0x010a5a75
                                      0x010a5a75
                                      0x010a5a7e
                                      0x010a5a84
                                      0x010a5a87
                                      0x010a5a89
                                      0x010a5a8c
                                      0x010a6220
                                      0x010a6223
                                      0x010a6226
                                      0x010a6229
                                      0x010a65e5
                                      0x00000000
                                      0x010a65e5
                                      0x010a622f
                                      0x010a5b08
                                      0x010a5b08
                                      0x010a5b1b
                                      0x010a5b20
                                      0x010a5b20
                                      0x010a5b20
                                      0x00000000
                                      0x010a5b20
                                      0x010a5a92
                                      0x010a5a95
                                      0x010a5a98
                                      0x010a5afb
                                      0x010a5b01
                                      0x00000000
                                      0x010a5b01
                                      0x010a5a9a
                                      0x010a5a9d
                                      0x010a5aa0
                                      0x010a5aa2
                                      0x010a5aa8
                                      0x010a5aab
                                      0x010a5aaf
                                      0x010a5ab4
                                      0x010a5ab6
                                      0x010a5abc
                                      0x010a5abf
                                      0x010a5ac2
                                      0x010a5ad1
                                      0x010a5ad6
                                      0x010a5ad8
                                      0x010eed86
                                      0x010eed95
                                      0x010eed9d
                                      0x010eed9d
                                      0x010a5ade
                                      0x010a5ae1
                                      0x010a5ae1
                                      0x010a5aea
                                      0x010a5aea
                                      0x010a5aec
                                      0x010a5af2
                                      0x010a64f8
                                      0x010a64fb
                                      0x00000000
                                      0x010a5af8
                                      0x010a5af8
                                      0x00000000
                                      0x010a5af8
                                      0x010a5af2
                                      0x010a5a61
                                      0x010a59fc
                                      0x010a58d4
                                      0x010a58cc
                                      0x010a68c0
                                      0x010a68c0
                                      0x00000000
                                      0x010a68c0
                                      0x010a57ed
                                      0x010a61c0
                                      0x010a61c2
                                      0x010a61c2
                                      0x00000000
                                      0x010a57e0
                                      0x010a57b7
                                      0x010a57bb
                                      0x010a6307
                                      0x010a630a
                                      0x010a630d
                                      0x010a6311
                                      0x010a6316
                                      0x010a6320
                                      0x010a6323
                                      0x010eec54
                                      0x010eec59
                                      0x010eec59
                                      0x010a6323
                                      0x010a6329
                                      0x010a6329
                                      0x010a632c
                                      0x010a6332
                                      0x010a6334
                                      0x010a6337
                                      0x010a633a
                                      0x010a633d
                                      0x010a633f
                                      0x010a6342
                                      0x010a6344
                                      0x010eecc0
                                      0x010eecc0
                                      0x010eecc6
                                      0x010eeccb
                                      0x00000000
                                      0x010a634a
                                      0x010a634a
                                      0x010a634c
                                      0x00000000
                                      0x00000000
                                      0x010a6355
                                      0x010a6358
                                      0x010a635e
                                      0x010a6361
                                      0x010a6363
                                      0x010a6496
                                      0x010a6496
                                      0x010a6499
                                      0x010a649c
                                      0x010a649e
                                      0x010a64a1
                                      0x010a64a5
                                      0x010a6c01
                                      0x010a6c06
                                      0x010a6c08
                                      0x00000000
                                      0x00000000
                                      0x010eecb7
                                      0x010eecb9
                                      0x010eecd0
                                      0x010eecd0
                                      0x010eecda
                                      0x010eece4
                                      0x010eeceb
                                      0x010eecfb
                                      0x00000000
                                      0x010eecfb
                                      0x010a64ab
                                      0x010a64ab
                                      0x00000000
                                      0x010a64ab
                                      0x010a6369
                                      0x010a6370
                                      0x010a6370
                                      0x010a6373
                                      0x010a6375
                                      0x00000000
                                      0x00000000
                                      0x010a6718
                                      0x010a671a
                                      0x010a671c
                                      0x010eec63
                                      0x010eec63
                                      0x00000000
                                      0x010eec63
                                      0x010a6722
                                      0x010a6724
                                      0x010a6724
                                      0x010a637b
                                      0x010a6384
                                      0x010a6389
                                      0x010a638c
                                      0x010a638f
                                      0x010a6393
                                      0x010eec6b
                                      0x010a6399
                                      0x010a6399
                                      0x010a6399
                                      0x010a639b
                                      0x010a63a2
                                      0x010a63a8
                                      0x010a63aa
                                      0x010a63af
                                      0x010a63b5
                                      0x010a63b8
                                      0x010a63bb
                                      0x010a63be
                                      0x010a63be
                                      0x010a63c1
                                      0x010a63c4
                                      0x010a63c6
                                      0x010a6bf5
                                      0x010a6bf5
                                      0x010a63d2
                                      0x010a63d8
                                      0x00000000
                                      0x010a63de
                                      0x010a63de
                                      0x010a63e4
                                      0x010a63e7
                                      0x010a65ec
                                      0x010a65ef
                                      0x010a65f2
                                      0x010a65f2
                                      0x010a63ed
                                      0x010a63f0
                                      0x010a63f9
                                      0x010a63fc
                                      0x010a63ff
                                      0x010a6402
                                      0x010eec95
                                      0x010eec98
                                      0x010eec9b
                                      0x010eeca4
                                      0x00000000
                                      0x010eeca4
                                      0x010eec9d
                                      0x00000000
                                      0x010a6408
                                      0x010a6408
                                      0x010a640b
                                      0x010a646e
                                      0x010a6474
                                      0x010a647b
                                      0x010a647b
                                      0x010a648e
                                      0x010a6493
                                      0x010a6493
                                      0x010a6493
                                      0x00000000
                                      0x010a6493
                                      0x010a640d
                                      0x010a6410
                                      0x010a6413
                                      0x010a6415
                                      0x010a641b
                                      0x010a641e
                                      0x010a6422
                                      0x010a6427
                                      0x010a6429
                                      0x010a642f
                                      0x010a6432
                                      0x010a6438
                                      0x010a6447
                                      0x010a644c
                                      0x010a644e
                                      0x010eec73
                                      0x010eec82
                                      0x010eec8d
                                      0x010eec8d
                                      0x010a6454
                                      0x010a6454
                                      0x010a645d
                                      0x010a645d
                                      0x010a645f
                                      0x010a6465
                                      0x010a6706
                                      0x010a6709
                                      0x00000000
                                      0x010a646b
                                      0x010a646b
                                      0x00000000
                                      0x010a646b
                                      0x010a6465
                                      0x010a6402
                                      0x010a63d8
                                      0x010a6344
                                      0x00000000
                                      0x010a57bb
                                      0x010a572e
                                      0x010a5731
                                      0x010a6509
                                      0x010a650f
                                      0x00000000
                                      0x00000000
                                      0x010a6515
                                      0x010a651c
                                      0x010eec26
                                      0x010eec2d
                                      0x00000000
                                      0x00000000
                                      0x010eec33
                                      0x010a6522
                                      0x010a6529
                                      0x010a652f
                                      0x010a652f
                                      0x00000000
                                      0x010a6529
                                      0x010a5737
                                      0x010a573d
                                      0x00000000
                                      0x00000000
                                      0x010a574a
                                      0x010a574c
                                      0x010a5755
                                      0x010a5758
                                      0x010a5764
                                      0x010a57ad
                                      0x010a57ad
                                      0x00000000
                                      0x010a57ad
                                      0x010a576c
                                      0x010a576f
                                      0x010a5775
                                      0x010a5779
                                      0x010a5783
                                      0x010a66a6
                                      0x010a66a6
                                      0x010a66a9
                                      0x010a66ab
                                      0x010eec38
                                      0x010a66b1
                                      0x010a66b1
                                      0x010a66b1
                                      0x010a66b3
                                      0x010a66ba
                                      0x010a69ac
                                      0x010a66c0
                                      0x010a66c0
                                      0x010a66c0
                                      0x010a66cb
                                      0x010a66ce
                                      0x010a66d3
                                      0x010a66d6
                                      0x010a69b3
                                      0x010a69ba
                                      0x010eec42
                                      0x010eec49
                                      0x00000000
                                      0x00000000
                                      0x010eec4f
                                      0x010a69c0
                                      0x010a66dc
                                      0x010a66dc
                                      0x010a66df
                                      0x010a66ea
                                      0x010a66ed
                                      0x010a66ef
                                      0x010a66ef
                                      0x00000000
                                      0x010a66d6
                                      0x010a578f
                                      0x010a669c
                                      0x00000000
                                      0x010a57a3
                                      0x010a57a3
                                      0x00000000
                                      0x010a57a3
                                      0x010a56c4
                                      0x010a56c4
                                      0x010a56ca
                                      0x010a56d4
                                      0x010a56d9
                                      0x010a6856
                                      0x010a6859
                                      0x010a685c
                                      0x010a68c7
                                      0x00000000
                                      0x010a68c7
                                      0x010a685e
                                      0x010a6868
                                      0x010a686f
                                      0x010eebf3
                                      0x010eebfd
                                      0x010eec07
                                      0x010eec0e
                                      0x010eec1e
                                      0x010a5fcf
                                      0x010a5fcf
                                      0x010a5fd6
                                      0x010a5fe1
                                      0x010a5fe4
                                      0x010a5fe6
                                      0x010ef58f
                                      0x010ef592
                                      0x00000000
                                      0x00000000
                                      0x010ef5a1
                                      0x010a5ff1
                                      0x010a5ff1
                                      0x010a5ff4
                                      0x010a5ff7
                                      0x010ef5ab
                                      0x010ef5ad
                                      0x010ef5b3
                                      0x010ef5b6
                                      0x010ef5b8
                                      0x010ef5c9
                                      0x010ef5c9
                                      0x010ef5b8
                                      0x010ef5ad
                                      0x010a5ffd
                                      0x010a5fff
                                      0x010a6002
                                      0x010a6010
                                      0x010a6010
                                      0x010a5fec
                                      0x010a5fec
                                      0x00000000
                                      0x010a5fec
                                      0x010a6875
                                      0x010a6885
                                      0x010a688f
                                      0x010a6891
                                      0x00000000
                                      0x010a56df
                                      0x010a56df
                                      0x010a56e2
                                      0x010a56e5
                                      0x010a56ec
                                      0x010a56ec
                                      0x010a56f6
                                      0x010a56fc
                                      0x010a56fc
                                      0x010a5700
                                      0x010a570b
                                      0x010a69cc
                                      0x010a69ce
                                      0x010a69ce
                                      0x010a5711
                                      0x00000000
                                      0x010a5711
                                      0x010a56d9
                                      0x010a56c2

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                      • API String ID: 0-3178619729
                                      • Opcode ID: bcd3da7353fff191527017b46a58a2cf27cc7364605f8a4eeaef9a37fb4ecbf6
                                      • Instruction ID: 35a1570f5201bdc8dda624d16f50792e3f9e5ec37e41ed2c6ca97c6596df4eeb
                                      • Opcode Fuzzy Hash: bcd3da7353fff191527017b46a58a2cf27cc7364605f8a4eeaef9a37fb4ecbf6
                                      • Instruction Fuzzy Hash: 4E23B370A00219DFDB15CFA9C8847ADBBF1FF49304F5881A9E58AAB345D735A941CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 70%
                                      			E010AA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1178748 - 1;
					if( *0x1178748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
									_t260 = _t257 + 4;
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E0108B150();
								_t257 = _t260 + 4;
								__eflags =  *0x1177bc8;
								if(__eflags == 0) {
									E01142073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0114A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E010DD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E010AAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0114A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0114A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1178748 - 1;
					if( *0x1178748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E0108B150();
							} else {
								E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E0108B150();
							__eflags =  *0x1177bc8;
							if(__eflags == 0) {
								_t131 = E01142073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                      0x010aa83a
                                      0x010aa83c
                                      0x010aa83e
                                      0x010aa841
                                      0x010aa844
                                      0x010aa84a
                                      0x010aaa53
                                      0x010aaa59
                                      0x010aaa59
                                      0x010aa858
                                      0x010aa85e
                                      0x010aaaf5
                                      0x010aaafc
                                      0x010f229e
                                      0x010f22a2
                                      0x010f22a8
                                      0x010f22b3
                                      0x010f22b5
                                      0x010f22bb
                                      0x010f22c1
                                      0x010f22c5
                                      0x010f22e6
                                      0x010f22eb
                                      0x010f22f0
                                      0x010f22c7
                                      0x010f22dc
                                      0x010f22e1
                                      0x010f22e1
                                      0x010f22f3
                                      0x010f22f8
                                      0x010f22fd
                                      0x010f2300
                                      0x010f2307
                                      0x010f230e
                                      0x010f230e
                                      0x010f2313
                                      0x010f2313
                                      0x010f22b5
                                      0x010f22a2
                                      0x010aaafc
                                      0x010aa864
                                      0x010aa869
                                      0x010aaa5c
                                      0x010aaa5e
                                      0x010aa86f
                                      0x010aa87f
                                      0x010aa885
                                      0x010aa885
                                      0x010aa88b
                                      0x010aa890
                                      0x010aa896
                                      0x010aab0c
                                      0x010aab0f
                                      0x010aab15
                                      0x010f2320
                                      0x010f2320
                                      0x010aab1b
                                      0x010aa89c
                                      0x010aa89f
                                      0x010aa8a2
                                      0x010aa8a2
                                      0x010aa8a5
                                      0x010aa8af
                                      0x010aa8b3
                                      0x010aa8b8
                                      0x010aaa66
                                      0x010aa8be
                                      0x010aa8c5
                                      0x010aa8c6
                                      0x010aa8ce
                                      0x010f2328
                                      0x010f2332
                                      0x010f2337
                                      0x010f2337
                                      0x010aa8ce
                                      0x010aa8d4
                                      0x010aa8d8
                                      0x010aa8db
                                      0x010aa8de
                                      0x010aa8e1
                                      0x010aa8e5
                                      0x010aa8e8
                                      0x010aa8f0
                                      0x010aa8f3
                                      0x010f234c
                                      0x010f2350
                                      0x010f2355
                                      0x010f2359
                                      0x010f2359
                                      0x010aa8f9
                                      0x010aa901
                                      0x010aaae4
                                      0x010aaae4
                                      0x010aaaea
                                      0x00000000
                                      0x010aa907
                                      0x010aa90a
                                      0x010aa91d
                                      0x010aa91d
                                      0x00000000
                                      0x010aa910
                                      0x010aa910
                                      0x010aa910
                                      0x010aa914
                                      0x010aa924
                                      0x010aa924
                                      0x010aa924
                                      0x010aa924
                                      0x010aa916
                                      0x010aa91b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010aa91b
                                      0x010aa925
                                      0x010aa925
                                      0x010aa932
                                      0x010aa936
                                      0x010aa93c
                                      0x010aa93c
                                      0x010aa93c
                                      0x010aab22
                                      0x010aab24
                                      0x010aab27
                                      0x010aab27
                                      0x010aa942
                                      0x010aa944
                                      0x010aaaba
                                      0x010aaabd
                                      0x010aaac0
                                      0x010aaac0
                                      0x010aaac2
                                      0x010aab2f
                                      0x010aaac4
                                      0x010aaac4
                                      0x010aaac7
                                      0x010aaaca
                                      0x010aaacc
                                      0x010aaace
                                      0x010aaace
                                      0x010aaace
                                      0x010aaad1
                                      0x010aaad1
                                      0x010aaad7
                                      0x010aaad9
                                      0x00000000
                                      0x00000000
                                      0x010f2361
                                      0x010f2369
                                      0x010f236b
                                      0x00000000
                                      0x010f2371
                                      0x00000000
                                      0x010f2371
                                      0x00000000
                                      0x010f236b
                                      0x010aaac0
                                      0x010aa94a
                                      0x010aa94a
                                      0x010aa94d
                                      0x010aa94d
                                      0x010aa950
                                      0x010aa954
                                      0x010f2376
                                      0x010f2380
                                      0x010aa95a
                                      0x010aa95a
                                      0x010aa95c
                                      0x010aa95f
                                      0x010aa961
                                      0x010aa961
                                      0x010aa967
                                      0x010aa96a
                                      0x010aa972
                                      0x010aaa02
                                      0x010aaa06
                                      0x010aaa10
                                      0x010aaa16
                                      0x010aaa16
                                      0x010aaa1b
                                      0x010aaa21
                                      0x010aaa24
                                      0x010aaa27
                                      0x010aaa29
                                      0x010aaa2c
                                      0x010aaa32
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010aa978
                                      0x010aa978
                                      0x010aa97b
                                      0x010aa981
                                      0x010aa996
                                      0x010aa998
                                      0x010aa99f
                                      0x010aa9a2
                                      0x010f238a
                                      0x010aa9a8
                                      0x010aa9a8
                                      0x010aa9a8
                                      0x010aa9aa
                                      0x010aa9ad
                                      0x010aa9b0
                                      0x010aa9bb
                                      0x010aa9be
                                      0x010aa9c7
                                      0x010aa9c9
                                      0x010aa9c9
                                      0x010aa9cc
                                      0x010aa9d1
                                      0x010aaa6d
                                      0x010aaa70
                                      0x010aaa73
                                      0x010aaa75
                                      0x010aaa79
                                      0x010aaa7e
                                      0x010aaa82
                                      0x010aaa8f
                                      0x010aaa94
                                      0x010aaa96
                                      0x010f2392
                                      0x010f23a1
                                      0x010f23a1
                                      0x010aaa9c
                                      0x010aaa9f
                                      0x010aaaa2
                                      0x010aaaa2
                                      0x010aaaa8
                                      0x010aaaab
                                      0x010aaaaf
                                      0x00000000
                                      0x010aaab5
                                      0x00000000
                                      0x010aaab5
                                      0x010aa9d7
                                      0x010aa9d7
                                      0x010aa9da
                                      0x010aa9e0
                                      0x010aa9e3
                                      0x010aa9e6
                                      0x010aa9e9
                                      0x010aa9eb
                                      0x010aa9fd
                                      0x010aa9fd
                                      0x00000000
                                      0x010aa9eb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010aa983
                                      0x010aa983
                                      0x010aa983
                                      0x010aa987
                                      0x010aa995
                                      0x010aa995
                                      0x010aa995
                                      0x010aa995
                                      0x010aa989
                                      0x010aa98e
                                      0x00000000
                                      0x010aa990
                                      0x00000000
                                      0x010aa990
                                      0x010aa98e
                                      0x00000000
                                      0x010aa983
                                      0x010aa972
                                      0x010aa90a
                                      0x010aaa34
                                      0x010aaa34
                                      0x010aaa40
                                      0x010aaa43
                                      0x010aaa46
                                      0x010aaa4d
                                      0x010f23ab
                                      0x010f23b2
                                      0x010f23b8
                                      0x010f23be
                                      0x010f23c3
                                      0x010f23c5
                                      0x010f23cb
                                      0x010f23d1
                                      0x010f23d5
                                      0x010f23f6
                                      0x010f23fb
                                      0x010f23d7
                                      0x010f23ec
                                      0x010f23f1
                                      0x010f2403
                                      0x010f2408
                                      0x010f2410
                                      0x010f2417
                                      0x010f2422
                                      0x010f2422
                                      0x010f2417
                                      0x010f23c5
                                      0x010f23b2
                                      0x00000000

                                      Strings
                                      • HEAP[%wZ]: , xrefs: 010F22D7, 010F23E7
                                      • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010F22F3
                                      • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 010F2403
                                      • HEAP: , xrefs: 010F22E6, 010F23F6
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                      • API String ID: 0-1657114761
                                      • Opcode ID: 2f51c0340be73b57ad0be1777a49b2c986ae9b706cab42bc4f48daea0f8ffa34
                                      • Instruction ID: a9aac54ed8b85356d2d0734793ec6ba726b032d9a2a34c64f81cdf2a2152aaf0
                                      • Opcode Fuzzy Hash: 2f51c0340be73b57ad0be1777a49b2c986ae9b706cab42bc4f48daea0f8ffa34
                                      • Instruction Fuzzy Hash: 47D1AD74B00206DFDB19CFA8C490BAAB7F1FF58300F5585A9D9DA9B782E334A845CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E010AA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E010ADF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E010C9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0114A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E010C9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E0108B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E010A7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0114138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E010A7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E010A7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01141582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E010A7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E010A7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01141582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E010DD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                      0x010aa229
                                      0x010aa231
                                      0x010aa23f
                                      0x010aa242
                                      0x010aa244
                                      0x010aa24c
                                      0x010aa255
                                      0x010aa25a
                                      0x010aa25f
                                      0x010f1c76
                                      0x010f1c78
                                      0x010f1c7e
                                      0x010f1c7f
                                      0x010f1c81
                                      0x010f1c82
                                      0x010f1c84
                                      0x010f1c89
                                      0x010f1c8b
                                      0x010f1c9e
                                      0x010f1c9e
                                      0x010f1cab
                                      0x010f1cb2
                                      0x00000000
                                      0x010f1cb2
                                      0x010f1c8d
                                      0x010f1c92
                                      0x00000000
                                      0x00000000
                                      0x010f1c94
                                      0x010f1c98
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f1c98
                                      0x010aa265
                                      0x010aa265
                                      0x010aa266
                                      0x010aa26f
                                      0x010aa270
                                      0x010aa276
                                      0x010aa277
                                      0x010aa279
                                      0x010aa27e
                                      0x010aa282
                                      0x010f1db5
                                      0x010f1dbb
                                      0x010f1dc1
                                      0x010f1dc5
                                      0x010f1de4
                                      0x010f1de9
                                      0x010f1dc7
                                      0x010f1ddc
                                      0x010f1de1
                                      0x010f1def
                                      0x010f1df3
                                      0x010f1df7
                                      0x010f1dfe
                                      0x010f1e06
                                      0x010aa302
                                      0x010aa308
                                      0x010aa308
                                      0x010aa288
                                      0x010aa28d
                                      0x010aa294
                                      0x010f1cc1
                                      0x010aa29a
                                      0x010aa29a
                                      0x010aa29a
                                      0x010aa29f
                                      0x010f1ccb
                                      0x010f1cd1
                                      0x010f1cd8
                                      0x010f1cea
                                      0x010f1cea
                                      0x010f1cd8
                                      0x010aa2a9
                                      0x010aa2af
                                      0x010aa2bc
                                      0x010f1cfd
                                      0x010aa2c2
                                      0x010aa2c2
                                      0x010aa2c2
                                      0x010aa2c7
                                      0x010f1d07
                                      0x010f1d0d
                                      0x010f1d14
                                      0x010f1d1f
                                      0x010f1d21
                                      0x010f1d2c
                                      0x010f1d2c
                                      0x010f1d2c
                                      0x010f1d47
                                      0x010f1d47
                                      0x010f1d14
                                      0x010aa2cd
                                      0x010aa2d2
                                      0x010aa2d9
                                      0x010f1d5a
                                      0x010aa2df
                                      0x010aa2df
                                      0x010aa2df
                                      0x010aa2e4
                                      0x010f1d69
                                      0x010f1d6b
                                      0x010f1d76
                                      0x010f1d76
                                      0x010f1d76
                                      0x010f1d91
                                      0x010f1d91
                                      0x010aa2ea
                                      0x010aa2f0
                                      0x010aa2f5
                                      0x010f1da8
                                      0x010f1dad
                                      0x010f1dad
                                      0x010aa2fd
                                      0x010aa300
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                      • API String ID: 2994545307-2586055223
                                      • Opcode ID: e5cbb1365f5ead66205a4a40bad86db3ef92f29846076cbebfe5485dfd761393
                                      • Instruction ID: 466c5c14e7a7d7b89df0eb9bdbabafcd8aee1013e2460b086771bae20a5b778b
                                      • Opcode Fuzzy Hash: e5cbb1365f5ead66205a4a40bad86db3ef92f29846076cbebfe5485dfd761393
                                      • Instruction Fuzzy Hash: C051E332205681DFD722EBA8C845F6B7BE8EB80B50F0904A8F6D58B6D1D735D800CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011449A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                      • API String ID: 2994545307-336120773
                                      • Opcode ID: baa5bcc4a1e86b9381107b77943f66aec71643e06117a94158e03581c8f0bff3
                                      • Instruction ID: f7a98419847bd1c67133c46e6d31b13c7d52c18745def80e523bedfd16648a7c
                                      • Opcode Fuzzy Hash: baa5bcc4a1e86b9381107b77943f66aec71643e06117a94158e03581c8f0bff3
                                      • Instruction Fuzzy Hash: 7C311435200105EFD729DB59C885FAB77E8EF44F20F254069F586CB651D771A840CB69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01143518 Relevance: 5.1, Strings: 4, Instructions: 55COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 66%
                                      			E01143518(signed int* __ecx) {
				char _v8;
				void* _t11;
				signed int* _t34;

				_push(__ecx);
				_t34 = __ecx;
				if(__ecx !=  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
					if(E010840E1("RtlDestroyHeap") == 0 || E01144496(__ecx, 0) == 0) {
						goto L5;
					} else {
						_t32 = __ecx + 0x80;
						 *((intOrPtr*)(__ecx + 0x60)) = 0;
						if( *((intOrPtr*)(__ecx + 0x80)) != 0) {
							_v8 = 0;
							E010B174B(_t32,  &_v8, 0x8000);
						}
						_t11 = 1;
					}
				} else {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0108B150("May not destroy the process heap at %p\n", _t34);
					L5:
					_t11 = 0;
				}
				return _t11;
			}






                                      0x0114351d
                                      0x01143525
                                      0x0114352a
                                      0x0114357d
                                      0x00000000
                                      0x0114358c
                                      0x0114358e
                                      0x01143594
                                      0x01143599
                                      0x0114359b
                                      0x011435a7
                                      0x011435a7
                                      0x011435ac
                                      0x011435ac
                                      0x0114352c
                                      0x01143536
                                      0x01143555
                                      0x0114355a
                                      0x01143538
                                      0x0114354d
                                      0x01143552
                                      0x01143566
                                      0x0114356d
                                      0x0114356d
                                      0x0114356d
                                      0x011435b2

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                      • API String ID: 0-4256168463
                                      • Opcode ID: 3b6c377bb563e945dec20bc9d2e8605265e47b9e2ff466ec8ae9931612a4c468
                                      • Instruction ID: 3b1d26f9dff01d8106bc2713235f16d9986287871ce79e50be1ef6922b72c068
                                      • Opcode Fuzzy Hash: 3b6c377bb563e945dec20bc9d2e8605265e47b9e2ff466ec8ae9931612a4c468
                                      • Instruction Fuzzy Hash: 46014532120211DFCB29FB69C444BE673E8FB81E20F008459E4AA9F381DB71E841CAA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E010A99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0113FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0114A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E010DD540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E0108B150();
										} else {
											E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E0108B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1176378 = 1;
											asm("int3");
											 *0x1176378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E010AA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E010AA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E010ABC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0114A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E010AA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E010AA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E010DD540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E0108B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1176378 = 1;
									asm("int3");
									 *0x1176378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0113FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0114A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E010DD540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E0108B150();
													} else {
														E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E0108B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1176378 = 1;
														asm("int3");
														 *0x1176378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E010AA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E010AA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E010ABC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0114A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E010DD540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E0108B150();
													} else {
														E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E0108B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1176378 = 1;
														asm("int3");
														 *0x1176378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E010AA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E010AA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E010ABC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E010ABC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                      0x010a99ca
                                      0x010a99cc
                                      0x010a99df
                                      0x010a99e3
                                      0x010a99f8
                                      0x010a99fb
                                      0x010a99fb
                                      0x00000000
                                      0x010a9a48
                                      0x010a9a48
                                      0x010a9a4c
                                      0x010a9a51
                                      0x010a9a55
                                      0x010a9a61
                                      0x010a9a66
                                      0x010a9a68
                                      0x010f1457
                                      0x010f145c
                                      0x010f145c
                                      0x010a9a68
                                      0x010a9a6e
                                      0x010a9a71
                                      0x010a9a74
                                      0x010a9a76
                                      0x010f1466
                                      0x010f1469
                                      0x010f1469
                                      0x010f146c
                                      0x010f146e
                                      0x010f1471
                                      0x010f1474
                                      0x010f1477
                                      0x010f1479
                                      0x010f159c
                                      0x010f159c
                                      0x010f159d
                                      0x010f15a6
                                      0x010f15ab
                                      0x010f15ab
                                      0x00000000
                                      0x010f15ab
                                      0x010f147f
                                      0x010f1481
                                      0x00000000
                                      0x00000000
                                      0x010f148a
                                      0x010f148d
                                      0x010f1493
                                      0x010f1495
                                      0x010f14c0
                                      0x010f14c0
                                      0x010f14c3
                                      0x010f14c6
                                      0x010f14c8
                                      0x010f14cb
                                      0x010f14cf
                                      0x010f14f2
                                      0x010f14f2
                                      0x010f14f5
                                      0x010f14f8
                                      0x010f1501
                                      0x010f1508
                                      0x010f150b
                                      0x010f150e
                                      0x010f1510
                                      0x010f1513
                                      0x010f1515
                                      0x010f1515
                                      0x010f1518
                                      0x010f1518
                                      0x010f1513
                                      0x010f1521
                                      0x010f1525
                                      0x010f152a
                                      0x010f152d
                                      0x010f1530
                                      0x010f1532
                                      0x010f1539
                                      0x010f153d
                                      0x010f155d
                                      0x010f1562
                                      0x010f153f
                                      0x010f1555
                                      0x010f155a
                                      0x010f1570
                                      0x010f1577
                                      0x010f157c
                                      0x010f1582
                                      0x010f1585
                                      0x010f1589
                                      0x010f158b
                                      0x010f1592
                                      0x010f1593
                                      0x010f1593
                                      0x010f1589
                                      0x010f1530
                                      0x00000000
                                      0x010f14f8
                                      0x010f14d5
                                      0x010f14da
                                      0x010f14dc
                                      0x00000000
                                      0x010f14de
                                      0x010f14e8
                                      0x00000000
                                      0x010f14e8
                                      0x010f1497
                                      0x010f1497
                                      0x010f14a4
                                      0x010f14a4
                                      0x010f14a7
                                      0x010f14a9
                                      0x010f14ab
                                      0x010f14ab
                                      0x010f149c
                                      0x010f149e
                                      0x010f14a0
                                      0x010f14b0
                                      0x010f14b0
                                      0x00000000
                                      0x010f14a2
                                      0x010f14a2
                                      0x00000000
                                      0x010f14a2
                                      0x010f14a0
                                      0x010f14b3
                                      0x010f14bb
                                      0x00000000
                                      0x010f14bb
                                      0x010f1495
                                      0x010a9a7c
                                      0x010a9a7c
                                      0x010a9a7f
                                      0x010a9a7f
                                      0x010a9a82
                                      0x010a9a84
                                      0x010a9a87
                                      0x010a9a8a
                                      0x010a9a8d
                                      0x010a9a8f
                                      0x010f166a
                                      0x010f166a
                                      0x010f166b
                                      0x010f1674
                                      0x00000000
                                      0x010f1674
                                      0x010a9a95
                                      0x010a9a97
                                      0x00000000
                                      0x00000000
                                      0x010a9aa0
                                      0x010a9aa3
                                      0x010a9aa9
                                      0x010a9aab
                                      0x010a9ad7
                                      0x010a9ad7
                                      0x010a9ada
                                      0x010a9add
                                      0x010a9adf
                                      0x010a9ae2
                                      0x010a9ae6
                                      0x010a9b22
                                      0x010a9b27
                                      0x010a9b29
                                      0x00000000
                                      0x010a9b2b
                                      0x010f15be
                                      0x00000000
                                      0x010f15be
                                      0x010a9b29
                                      0x010a9ae8
                                      0x010a9ae8
                                      0x010a9aeb
                                      0x010a9aee
                                      0x010f15cb
                                      0x010f15d2
                                      0x010f15d5
                                      0x010f15d7
                                      0x010f15da
                                      0x010f15dc
                                      0x010f15dc
                                      0x010f15dc
                                      0x010f15da
                                      0x010f15e5
                                      0x010f15e9
                                      0x010f15ee
                                      0x010f15f1
                                      0x010f15f3
                                      0x010f15f9
                                      0x010f1600
                                      0x010f1604
                                      0x010f1624
                                      0x010f1629
                                      0x010f1606
                                      0x010f161c
                                      0x010f1621
                                      0x010f1637
                                      0x010f163e
                                      0x010f1643
                                      0x010f1649
                                      0x010f164c
                                      0x010f1650
                                      0x010f1656
                                      0x010f165d
                                      0x010f165e
                                      0x010f165e
                                      0x010f1650
                                      0x010f15f3
                                      0x010a9af4
                                      0x010a9af7
                                      0x010a9afc
                                      0x010a9b00
                                      0x010a9b04
                                      0x010a9b08
                                      0x010a9b14
                                      0x010a99fe
                                      0x010a9a04
                                      0x010a9a07
                                      0x00000000
                                      0x010a9a29
                                      0x010f169c
                                      0x010f16a0
                                      0x010f16a5
                                      0x010f16a9
                                      0x010f16b5
                                      0x010f16ba
                                      0x010f16bc
                                      0x010f16be
                                      0x010f16c3
                                      0x010f16c3
                                      0x010f16bc
                                      0x010f16c8
                                      0x010f16cc
                                      0x010f181b
                                      0x010f181b
                                      0x010f181e
                                      0x010f181e
                                      0x010f1821
                                      0x010f1823
                                      0x010f1826
                                      0x010f1829
                                      0x010f182c
                                      0x010f182e
                                      0x010f1688
                                      0x010f1688
                                      0x010f1689
                                      0x010f168b
                                      0x010f168c
                                      0x010f168d
                                      0x010f168f
                                      0x010f1692
                                      0x00000000
                                      0x010f1692
                                      0x010f1834
                                      0x010f1836
                                      0x00000000
                                      0x00000000
                                      0x010f183f
                                      0x010f1842
                                      0x010f1848
                                      0x010f184a
                                      0x010f1875
                                      0x010f1875
                                      0x010f1878
                                      0x010f187b
                                      0x010f187d
                                      0x010f1880
                                      0x010f1884
                                      0x010f18a7
                                      0x010f18a7
                                      0x010f18aa
                                      0x010f18ad
                                      0x010f18b6
                                      0x010f18bd
                                      0x010f18c0
                                      0x010f18c3
                                      0x010f18c5
                                      0x010f18c8
                                      0x010f18ca
                                      0x010f18ca
                                      0x010f18cd
                                      0x010f18cd
                                      0x010f18c8
                                      0x010f18d5
                                      0x010f18da
                                      0x010f18df
                                      0x010f18e2
                                      0x010f18e5
                                      0x010f18e7
                                      0x010f18ee
                                      0x010f18f2
                                      0x010f1912
                                      0x010f1917
                                      0x010f18f4
                                      0x010f190a
                                      0x010f190f
                                      0x010f1925
                                      0x010f192c
                                      0x010f1931
                                      0x010f193a
                                      0x010f193e
                                      0x010f1940
                                      0x010f1947
                                      0x010f1948
                                      0x010f1948
                                      0x010f193e
                                      0x010f18e5
                                      0x010f194f
                                      0x010f1952
                                      0x010f1956
                                      0x010f195d
                                      0x010f1961
                                      0x010f196d
                                      0x00000000
                                      0x010f196d
                                      0x010f188a
                                      0x010f188f
                                      0x010f1891
                                      0x00000000
                                      0x00000000
                                      0x010f189d
                                      0x00000000
                                      0x010f189d
                                      0x010f184c
                                      0x010f1859
                                      0x010f1859
                                      0x010f185c
                                      0x00000000
                                      0x00000000
                                      0x010f1851
                                      0x010f1853
                                      0x010f1855
                                      0x010f1865
                                      0x010f1865
                                      0x010f1866
                                      0x010f1868
                                      0x010f1870
                                      0x00000000
                                      0x010f1870
                                      0x010f1857
                                      0x010f1857
                                      0x010f185e
                                      0x00000000
                                      0x010f16d2
                                      0x010f16d2
                                      0x010f16d5
                                      0x010f16d5
                                      0x010f16d8
                                      0x010f16da
                                      0x010f16dd
                                      0x010f16e0
                                      0x010f16e3
                                      0x010f16e5
                                      0x010f1808
                                      0x010f1808
                                      0x010f1809
                                      0x010f1812
                                      0x010f1817
                                      0x010f1817
                                      0x00000000
                                      0x010f1817
                                      0x010f16eb
                                      0x010f16ed
                                      0x00000000
                                      0x00000000
                                      0x010f16f6
                                      0x010f16f9
                                      0x010f16ff
                                      0x010f1701
                                      0x010f172c
                                      0x010f172c
                                      0x010f172f
                                      0x010f1732
                                      0x010f1734
                                      0x010f1737
                                      0x010f173b
                                      0x010f175e
                                      0x010f175e
                                      0x010f1761
                                      0x010f1764
                                      0x010f176d
                                      0x010f1774
                                      0x010f1777
                                      0x010f177a
                                      0x010f177c
                                      0x010f177f
                                      0x010f1781
                                      0x010f1781
                                      0x010f1784
                                      0x010f1784
                                      0x010f177f
                                      0x010f178c
                                      0x010f1791
                                      0x010f1796
                                      0x010f1799
                                      0x010f179c
                                      0x010f179e
                                      0x010f17a5
                                      0x010f17a9
                                      0x010f17c9
                                      0x010f17ce
                                      0x010f17ab
                                      0x010f17c1
                                      0x010f17c6
                                      0x010f17dc
                                      0x010f17e3
                                      0x010f17e8
                                      0x010f17ee
                                      0x010f17f1
                                      0x010f17f5
                                      0x010f17f7
                                      0x010f17fe
                                      0x010f17ff
                                      0x010f17ff
                                      0x010f17f5
                                      0x010f179c
                                      0x00000000
                                      0x010f1764
                                      0x010f1741
                                      0x010f1746
                                      0x010f1748
                                      0x00000000
                                      0x00000000
                                      0x010f1754
                                      0x00000000
                                      0x010f1754
                                      0x010f1703
                                      0x010f1710
                                      0x010f1710
                                      0x010f1713
                                      0x00000000
                                      0x00000000
                                      0x010f1708
                                      0x010f170a
                                      0x010f170c
                                      0x010f171c
                                      0x010f171c
                                      0x010f171d
                                      0x010f171f
                                      0x010f1727
                                      0x00000000
                                      0x010f1727
                                      0x010f170e
                                      0x010f170e
                                      0x010f1715
                                      0x00000000
                                      0x010f1715
                                      0x010f16cc
                                      0x010a9a45
                                      0x010a9a45
                                      0x010a9a0e
                                      0x010a9a1c
                                      0x010a9a23
                                      0x010f167e
                                      0x010f167f
                                      0x010f1681
                                      0x010f1683
                                      0x010f1684
                                      0x00000000
                                      0x010f1684
                                      0x00000000
                                      0x010a9aad
                                      0x010a9aad
                                      0x010a9ab0
                                      0x010a9ab3
                                      0x010a9ab3
                                      0x010a9ab6
                                      0x00000000
                                      0x00000000
                                      0x010a9ab8
                                      0x010a9aba
                                      0x010a9abc
                                      0x010a9ac8
                                      0x010a9ac8
                                      0x00000000
                                      0x010a9abe
                                      0x010a9abe
                                      0x010a9ac0
                                      0x00000000
                                      0x010a9ac0
                                      0x010a9abc
                                      0x010a9ad2
                                      0x00000000
                                      0x010a9ad2
                                      0x010a9aab

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                      • API String ID: 0-3178619729
                                      • Opcode ID: d496391c941b725c8138389dfc3e6b795caf8b7a41c137074927d6a9ff7058d9
                                      • Instruction ID: 9fa4497780bdf35a864b50f7b16c26e158b0b3ad6a63b0d5c6a236f92dc632c4
                                      • Opcode Fuzzy Hash: d496391c941b725c8138389dfc3e6b795caf8b7a41c137074927d6a9ff7058d9
                                      • Instruction Fuzzy Hash: 4022EE70600242DFEB24DF69C496BBABBF5EF44704F1885ADE5C68B682D735E881CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0112EB8A Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 599timeCOMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E0112EB8A(signed int __ecx, signed int __edx, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				signed char _t262;
				signed int _t263;
				char* _t264;
				signed int _t265;
				intOrPtr _t267;
				signed int _t271;
				signed char _t272;
				signed short _t273;
				signed int _t277;
				signed char _t281;
				signed short _t283;
				signed short _t288;
				signed char _t289;
				signed short _t290;
				signed short _t292;
				signed short _t294;
				signed char _t295;
				intOrPtr _t296;
				signed int _t297;
				signed char _t298;
				unsigned int _t302;
				intOrPtr* _t303;
				signed int _t304;
				unsigned int _t306;
				signed short _t307;
				signed short _t308;
				signed int _t311;
				signed short _t314;
				signed short _t326;
				signed char _t329;
				signed short _t330;
				signed int _t332;
				void* _t333;
				signed short _t337;
				signed int _t339;
				void* _t340;
				signed short _t344;
				signed int _t347;
				signed int _t349;
				signed int _t351;
				signed int _t359;
				signed short _t362;
				signed int _t369;
				signed int _t376;
				signed short _t377;
				signed short* _t378;
				signed short _t381;
				signed char _t383;
				signed short _t384;
				signed short _t385;
				signed int _t390;
				signed int _t393;
				void* _t400;
				signed short _t406;
				signed int _t407;
				signed short _t408;
				signed short _t409;
				signed short _t410;
				signed short _t411;
				intOrPtr _t415;
				signed int _t416;
				signed char _t417;
				signed int _t418;
				unsigned int _t423;
				unsigned int _t431;
				signed int _t437;
				signed int _t442;
				intOrPtr _t443;
				void* _t449;
				intOrPtr _t451;
				signed short _t453;
				signed int _t455;

				_t258 =  *0x117d360 ^ _t455;
				_v8 = _t258;
				_t452 = __ecx;
				_t395 = __edx;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x61000000;
					asm("bt dword [edi+0x40], 0x1c");
					__eflags = (_t258 & 0xffffff00 | ( *(__ecx + 0x40) & 0x61000000) >= 0x00000000) & (__ecx & 0xffffff00 | __eflags != 0x00000000);
					if(__eflags == 0) {
						L5:
						_v12 = _v12 & 0x00000000;
						_t260 =  *_t395;
						_push(2);
						__eflags = _t260;
						if(_t260 != 0) {
							_t399 =  *(_t395 + 0xa) & 0x0000ffff;
							__eflags = _t399 & 0x00001002;
							if((_t399 & 0x00001002) == 0) {
								goto L25;
							}
							_t441 = _t399 & 0x00000002;
							__eflags = _t441;
							if(_t441 == 0) {
								L14:
								__eflags = _a4;
								if(_a4 == 0) {
									L17:
									_t453 =  *(_t395 + 4) + _t260;
									__eflags = _t399 & 0x00001000;
									if((_t399 & 0x00001000) != 0) {
										_t441 = _t260 - 0x18;
										_t399 = _t452;
										_t260 = E0112D42F(_t452, _t260 - 0x18);
									}
									__eflags = _a4;
									if(_a4 == 0) {
										L21:
										_t451 =  *((intOrPtr*)(_t260 + 0x10));
										_t399 = 2;
										__eflags = _t451 - _t452 + 0xa4;
										if(_t451 == _t452 + 0xa4) {
											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
											if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
												goto L62;
											}
											_t441 =  *(_t452 + 0xd4);
											goto L63;
										}
										_t441 = _t451 + 0xfffffff0;
										goto L63;
									} else {
										__eflags = _t453 -  *((intOrPtr*)(_t260 + 0x28));
										if(_t453 <  *((intOrPtr*)(_t260 + 0x28))) {
											goto L82;
										}
										goto L21;
									}
								}
								__eflags = _t441;
								if(_t441 == 0) {
									goto L17;
								}
								_t453 =  *(_t260 + 0x24);
								goto L82;
							} else {
								__eflags =  *((char*)(_t452 + 0xda)) - 2;
								if( *((char*)(_t452 + 0xda)) != 2) {
									_t437 = 0;
									__eflags = 0;
								} else {
									_t437 =  *(_t452 + 0xd4);
								}
								__eflags = _t260 - _t437;
								if(_t260 == _t437) {
									goto L61;
								} else {
									_t399 =  *(_t395 + 0xa) & 0x0000ffff;
									goto L14;
								}
							}
						} else {
							_t441 = _t452;
							L63:
							_t453 = 0;
							__eflags = _t441;
							if(_t441 != 0) {
								__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t399;
								if( *((intOrPtr*)(_t452 + 0xda)) != _t399) {
									_t359 = 0;
									__eflags = 0;
								} else {
									_t359 =  *(_t452 + 0xd4);
								}
								__eflags = _t441 - _t359;
								if(_t441 == _t359) {
									_t441 = _t395;
									E01146D15(_t452, _t395,  &_v12);
									goto L193;
								} else {
									 *_t395 = _t441;
									__eflags =  *(_t452 + 0x4c) - _t453;
									if( *(_t452 + 0x4c) == _t453) {
										_t362 =  *_t441 & 0x0000ffff;
									} else {
										_t377 =  *_t441;
										__eflags =  *(_t452 + 0x4c) & _t377;
										if(( *(_t452 + 0x4c) & _t377) != 0) {
											_t377 = _t377 ^  *(_t452 + 0x50);
											__eflags = _t377;
										}
										_t362 = _t377 & 0x0000ffff;
									}
									 *(_t395 + 4) = (_t362 & 0x0000ffff) << 3;
									 *(_t395 + 0xa) = _t399;
									 *(_t395 + 8) = _t453;
									 *(_t395 + 0xc) =  *((intOrPtr*)(_t441 + 0x20)) -  *(_t441 + 0x2c) << 0xc;
									_t369 =  *(_t441 + 0x2c) << 0xc;
									 *(_t395 + 0x10) = _t369;
									__eflags =  *(_t441 + 0xc) & _t399;
									if(( *(_t441 + 0xc) & _t399) != 0) {
										_t376 = _t369 + 0x1000;
										__eflags = _t376;
										 *(_t395 + 0x10) = _t376;
									}
									 *(_t395 + 0x14) =  *((intOrPtr*)(_t441 + 0x24)) + (( !( *( *((intOrPtr*)(_t441 + 0x24)) + 2)) & 0x00000001) + 1) * 8;
									 *((intOrPtr*)(_t395 + 0x18)) =  *((intOrPtr*)(_t441 + 0x28));
									L82:
									__eflags = _t453;
									if(_t453 == 0) {
										L193:
										_t263 = E010A7D50();
										__eflags = _t263;
										if(_t263 == 0) {
											_t264 = 0x7ffe0380;
										} else {
											_t264 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										__eflags =  *_t264;
										if( *_t264 != 0) {
											_t267 =  *[fs:0x30];
											__eflags =  *(_t267 + 0x240) & 0x00000001;
											if(( *(_t267 + 0x240) & 0x00000001) != 0) {
												__eflags = _v12 - 0x8000001a;
												if(_v12 != 0x8000001a) {
													E01141BA8(_t452);
												}
											}
										}
										_t265 = _v12;
										goto L201;
									}
									_t272 =  *((intOrPtr*)(_t453 + 7));
									__eflags = _t272 & 0x00000040;
									if((_t272 & 0x00000040) == 0) {
										__eflags = _t272 - 4;
										if(_t272 != 4) {
											_t273 = _t453;
											L89:
											 *_t395 = _t273 + 8;
											_t441 = 2;
											 *(_t395 + 0xa) = 1;
											__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
											if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
												_t277 = 0;
												__eflags = 0;
											} else {
												_t277 =  *(_t452 + 0xd4);
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L97:
												_t281 =  *(_t452 + 0x4c) >> 0x00000014 &  *(_t452 + 0x52) ^  *(_t453 + 2);
												__eflags = _t281 & 0x00000001;
												if((_t281 & 0x00000001) == 0) {
													 *_t395 = _t453 + 0x10;
													__eflags =  *(_t452 + 0x4c);
													if( *(_t452 + 0x4c) == 0) {
														_t283 =  *_t453 & 0x0000ffff;
													} else {
														_t288 =  *_t453;
														__eflags =  *(_t452 + 0x4c) & _t288;
														if(( *(_t452 + 0x4c) & _t288) != 0) {
															_t288 = _t288 ^  *(_t452 + 0x50);
															__eflags = _t288;
														}
														_t283 = _t288 & 0x0000ffff;
													}
													 *(_t395 + 4) = (_t283 & 0x0000ffff) * 8 - 0x10;
													 *((char*)(_t395 + 9)) =  *(_t453 + 6);
													 *(_t395 + 0xa) = 0;
													 *(_t395 + 8) = 0x10;
													 *(_t395 + 0x14) = 0x10;
													goto L193;
												}
												_t289 =  *((intOrPtr*)(_t453 + 7));
												__eflags = _t289 & 0x00000040;
												if((_t289 & 0x00000040) == 0) {
													__eflags = _t289 - 4;
													if(_t289 != 4) {
														_t290 = _t453;
														L104:
														 *_t395 = _t290 + 8;
														_t399 =  *((intOrPtr*)(_t453 + 7));
														__eflags = _t399 - 4;
														if(_t399 == 4) {
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t292 =  *_t453 & 0x0000ffff;
															} else {
																_t308 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t308;
																if(( *(_t452 + 0x4c) & _t308) != 0) {
																	_t308 = _t308 ^  *(_t452 + 0x50);
																	__eflags = _t308;
																}
																_t292 = _t308 & 0x0000ffff;
															}
															 *((char*)(_t395 + 9)) = 0x40;
															_t294 = 0x4001;
															 *(_t395 + 4) =  *((intOrPtr*)(_t453 - 8)) - (_t292 & 0x0000ffff);
															 *(_t395 + 0xa) = 0x4001;
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t406 =  *_t453 & 0x0000ffff;
															} else {
																_t307 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t307;
																if(( *(_t452 + 0x4c) & _t307) != 0) {
																	_t307 = _t307 ^  *(_t452 + 0x50);
																	__eflags = _t307;
																}
																_t406 = _t307 & 0x0000ffff;
																_t294 =  *(_t395 + 0xa) & 0x0000ffff;
															}
															_t407 = _t406 & 0x0000ffff;
															 *(_t395 + 8) = _t407;
															__eflags = _t441 & _t294;
															if((_t441 & _t294) == 0) {
																 *(_t395 + 0x14) = _t407;
															}
															_t408 = _t294 & 0x0000ffff;
															L166:
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t295 =  *(_t453 + 2);
																_t409 = _t408 & 0x0000ffff;
															} else {
																_t306 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t306;
																if(( *(_t452 + 0x4c) & _t306) != 0) {
																	_t306 = _t306 ^  *(_t452 + 0x50);
																	__eflags = _t306;
																}
																_t409 =  *(_t395 + 0xa) & 0x0000ffff;
																_t295 = _t306 >> 0x10;
															}
															__eflags = _t441 & _t295;
															if((_t441 & _t295) == 0) {
																_t296 =  *[fs:0x30];
																_t410 = _t409 & 0x0000ffff;
																__eflags =  *(_t296 + 0x68) & 0x00000800;
																if(( *(_t296 + 0x68) & 0x00000800) != 0) {
																	_t297 =  *(_t453 + 3) & 0x000000ff;
																} else {
																	_t297 = 0;
																}
																 *(_t395 + 0x10) = _t297;
															} else {
																_t441 = _t453;
																_t303 = E0112D380(_t452, _t453);
																 *(_t395 + 0xc) =  *(_t303 + 4);
																 *((short*)(_t395 + 0x12)) =  *_t303;
																_t415 =  *[fs:0x30];
																__eflags =  *(_t415 + 0x68) & 0x00000800;
																if(( *(_t415 + 0x68) & 0x00000800) != 0) {
																	_t304 =  *(_t303 + 2) & 0x0000ffff;
																} else {
																	_t304 = 0;
																}
																 *(_t395 + 0x10) = _t304;
																 *(_t395 + 0xa) =  *(_t395 + 0xa) | 0x00000010;
																_t410 =  *(_t395 + 0xa) & 0x0000ffff;
															}
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t298 =  *(_t453 + 2);
																_t411 = _t410 & 0x0000ffff;
															} else {
																_t302 =  *_t453;
																__eflags =  *(_t452 + 0x4c) & _t302;
																if(( *(_t452 + 0x4c) & _t302) != 0) {
																	_t302 = _t302 ^  *(_t452 + 0x50);
																	__eflags = _t302;
																}
																_t411 =  *(_t395 + 0xa) & 0x0000ffff;
																_t298 = _t302 >> 0x10;
															}
															 *(_t395 + 0xa) = _t298 & 0xe0 | _t411;
															goto L193;
														}
														__eflags = _t399 - 3;
														if(_t399 == 3) {
															_t408 = 0x1000;
															 *_t395 =  *(_t453 + 0x18);
															 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
															 *(_t395 + 4) =  *(_t453 + 0x1c);
															 *(_t395 + 8) = 0x10000000;
															goto L166;
														}
														__eflags = _t399 - 1;
														if(_t399 != 1) {
															_t442 =  *(_t452 + 0x4c);
															__eflags = _t442;
															if(_t442 == 0) {
																_t311 =  *_t453 & 0x0000ffff;
															} else {
																_t344 =  *_t453;
																_t442 =  *(_t452 + 0x4c);
																__eflags = _t344 & _t442;
																if((_t344 & _t442) != 0) {
																	_t344 = _t344 ^  *(_t452 + 0x50);
																	__eflags = _t344;
																}
																_t399 =  *((intOrPtr*)(_t453 + 7));
																_t311 = _t344 & 0x0000ffff;
															}
															_v20 = _t311;
															__eflags = _t399 - 5;
															if(_t399 != 5) {
																__eflags = _t399 & 0x00000040;
																if((_t399 & 0x00000040) == 0) {
																	__eflags = (_t399 & 0x0000003f) - 0x3f;
																	if((_t399 & 0x0000003f) == 0x3f) {
																		__eflags = _t399;
																		if(_t399 >= 0) {
																			__eflags = _t442;
																			if(_t442 == 0) {
																				_t314 =  *_t453 & 0x0000ffff;
																			} else {
																				_t337 =  *_t453;
																				__eflags =  *(_t452 + 0x4c) & _t337;
																				if(( *(_t452 + 0x4c) & _t337) != 0) {
																					_t337 = _t337 ^  *(_t452 + 0x50);
																					__eflags = _t337;
																				}
																				_t314 = _t337 & 0x0000ffff;
																			}
																		} else {
																			_t431 = _t453 >> 0x00000003 ^  *_t453 ^  *0x117874c ^ _t452;
																			__eflags = _t431;
																			if(_t431 == 0) {
																				_t339 = _t453 - (_t431 >> 0xd);
																				__eflags = _t339;
																				_t340 =  *_t339;
																			} else {
																				_t340 = 0;
																			}
																			_t314 =  *((intOrPtr*)(_t340 + 0x14));
																		}
																		_t416 =  *(_t453 + (_t314 & 0xffff) * 8 - 4);
																	} else {
																		_t416 = _t399 & 0x3f;
																	}
																} else {
																	_t416 =  *(_t453 + 4 + (_t399 & 0x3f) * 8) & 0x0000ffff;
																}
															} else {
																_t416 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
															}
															 *(_t395 + 4) = ((_v20 & 0x0000ffff) << 3) - _t416;
															 *((char*)(_t395 + 9)) =  *(_t453 + 6);
															 *(_t395 + 0xa) = 1;
															_t417 =  *((intOrPtr*)(_t453 + 7));
															__eflags = _t417 - 5;
															if(_t417 != 5) {
																__eflags = _t417 & 0x00000040;
																if((_t417 & 0x00000040) == 0) {
																	__eflags = (_t417 & 0x0000003f) - 0x3f;
																	if((_t417 & 0x0000003f) == 0x3f) {
																		__eflags = _t417;
																		if(_t417 >= 0) {
																			__eflags =  *(_t452 + 0x4c);
																			if( *(_t452 + 0x4c) == 0) {
																				_t326 =  *_t453 & 0x0000ffff;
																			} else {
																				_t330 =  *_t453;
																				__eflags =  *(_t452 + 0x4c) & _t330;
																				if(( *(_t452 + 0x4c) & _t330) != 0) {
																					_t330 = _t330 ^  *(_t452 + 0x50);
																					__eflags = _t330;
																				}
																				_t326 = _t330 & 0x0000ffff;
																			}
																		} else {
																			_t423 = _t453 >> 0x00000003 ^  *_t453 ^  *0x117874c ^ _t452;
																			__eflags = _t423;
																			if(_t423 == 0) {
																				_t332 = _t453 - (_t423 >> 0xd);
																				__eflags = _t332;
																				_t333 =  *_t332;
																			} else {
																				_t333 = 0;
																			}
																			_t326 =  *((intOrPtr*)(_t333 + 0x14));
																		}
																		_t418 =  *(_t453 + (_t326 & 0xffff) * 8 - 4);
																	} else {
																		_t418 = _t417 & 0x3f;
																	}
																} else {
																	_t418 =  *(_t453 + 4 + (_t417 & 0x3f) * 8) & 0x0000ffff;
																}
															} else {
																_t418 =  *(_t452 + 0x54) & 0x0000ffff ^  *(_t453 + 4) & 0x0000ffff;
															}
															_t329 =  *(_t395 + 0xa) & 0x0000ffff;
															_t441 = 2;
															 *(_t395 + 8) = _t418;
															__eflags = _t441 & _t329;
															if((_t441 & _t329) == 0) {
																 *(_t395 + 0x14) = _t418;
															}
															_t408 = _t329;
															goto L166;
														}
														 *(_t395 + 0xa) = 1;
														goto L26;
													}
													_t347 =  *(_t453 + 6) & 0x000000ff;
													L100:
													_t290 = _t453 + _t347 * 8;
													goto L104;
												}
												_t347 = _t289 & 0x3f;
												__eflags = _t347;
												goto L100;
											} else {
												_t441 = _t395;
												_t399 = _t452;
												_t349 = E011467E2(_t452, _t395, _t452);
												__eflags = _t349;
												if(_t349 == 0) {
													_t441 = 2;
													goto L97;
												}
												__eflags =  *(_t395 + 0xa) & 0x00002000;
												if(( *(_t395 + 0xa) & 0x00002000) == 0) {
													goto L193;
												}
												L25:
												_t441 = 2;
												L26:
												__eflags =  *((intOrPtr*)(_t452 + 0xda)) - _t441;
												if( *((intOrPtr*)(_t452 + 0xda)) != _t441) {
													_t261 = 0;
													__eflags = 0;
												} else {
													_t261 =  *(_t452 + 0xd4);
												}
												__eflags = _t261;
												if(_t261 == 0) {
													L32:
													__eflags =  *(_t395 + 0xa) & 0x00000001;
													_t400 =  *_t395;
													if(( *(_t395 + 0xa) & 0x00000001) == 0) {
														_t399 = _t400 + 0xfffffff0;
														__eflags =  *(_t452 + 0x4c);
														if( *(_t452 + 0x4c) == 0) {
															_t453 =  *_t399 & 0x0000ffff;
														} else {
															_t381 =  *_t399;
															__eflags =  *(_t452 + 0x4c) & _t381;
															if(( *(_t452 + 0x4c) & _t381) != 0) {
																_t381 = _t381 ^  *(_t452 + 0x50);
																__eflags = _t381;
															}
															_t453 = _t381 & 0x0000ffff;
														}
														_t262 =  *(_t399 + 6);
														__eflags = _t262;
														if(_t262 == 0) {
															_t441 = _t452;
														} else {
															_t441 = (_t399 & 0xffff0000) - ((_t262 & 0x000000ff) << 0x10) + 0x10000;
														}
														__eflags = _t441;
														if(_t441 == 0) {
															L192:
															_v12 = 0xc0000141;
															goto L193;
														} else {
															__eflags =  *((char*)(_t399 + 7)) - 3;
															if( *((char*)(_t399 + 7)) != 3) {
																_t271 = _t453 & 0x0000ffff;
																L81:
																_t453 = _t399 + _t271 * 8;
																goto L82;
															}
															L58:
															__eflags =  *(_t399 + 0x1c) + 0x20 + _t399 -  *((intOrPtr*)(_t441 + 0x28));
															if( *(_t399 + 0x1c) + 0x20 + _t399 <  *((intOrPtr*)(_t441 + 0x28))) {
																 *_t395 =  *(_t399 + 0x18);
																 *(_t395 + 0x14) =  *(_t395 + 0x14) & 0x00000000;
																_t453 = 0;
																 *(_t395 + 4) =  *(_t399 + 0x1c);
																 *(_t395 + 8) = 0x10000000;
																goto L82;
															}
															_t443 =  *((intOrPtr*)(_t441 + 0x10));
															__eflags = _t443 - _t452 + 0xa4;
															if(_t443 == _t452 + 0xa4) {
																L61:
																_t399 = 2;
																L62:
																_t441 = 0;
																__eflags = 0;
																goto L63;
															}
															_t441 = _t443 + 0xfffffff0;
															_t399 = 2;
															goto L63;
														}
													}
													_t399 = _t400 + 0xfffffff8;
													__eflags =  *((char*)(_t399 + 7)) - 5;
													if( *((char*)(_t399 + 7)) == 5) {
														_t399 = _t399 - (( *(_t399 + 6) & 0x000000ff) << 3);
														__eflags = _t399;
													}
													__eflags =  *((intOrPtr*)(_t399 + 7)) - 4;
													if( *((intOrPtr*)(_t399 + 7)) != 4) {
														_t383 =  *(_t399 + 6);
														__eflags = _t383;
														if(_t383 == 0) {
															_t441 = _t452;
														} else {
															_t449 = (_t399 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10);
															_t383 =  *((intOrPtr*)(_t399 + 7));
															_t441 = _t449 + 0x10000;
														}
														__eflags = _t441;
														if(_t441 == 0) {
															goto L192;
														} else {
															__eflags = _t383 - 3;
															if(_t383 == 3) {
																goto L58;
															}
															__eflags =  *(_t452 + 0x4c);
															if( *(_t452 + 0x4c) == 0) {
																_t384 =  *_t399 & 0x0000ffff;
															} else {
																_t385 =  *_t399;
																__eflags =  *(_t452 + 0x4c) & _t385;
																if(( *(_t452 + 0x4c) & _t385) != 0) {
																	_t385 = _t385 ^  *(_t452 + 0x50);
																	__eflags = _t385;
																}
																_t384 = _t385 & 0x0000ffff;
															}
															_t271 = _t384 & 0x0000ffff;
															goto L81;
														}
													} else {
														_t453 =  *(_t399 - 0x18);
														_t378 = _t452 + 0x9c;
														L65:
														__eflags = _t453 - _t378;
														if(_t453 == _t378) {
															_v12 = 0x8000001a;
															goto L193;
														}
														_t453 = _t453 + 0x18;
														goto L82;
													}
												} else {
													_t441 = _t395;
													_t390 = E011467E2(_t452, _t395, _t399);
													__eflags = _t390;
													if(_t390 == 0) {
														goto L32;
													}
													__eflags =  *(_t395 + 0xa) & 0x00002000;
													if(( *(_t395 + 0xa) & 0x00002000) == 0) {
														goto L193;
													}
													goto L32;
												}
											}
										}
										_t351 =  *(_t453 + 6) & 0x000000ff;
										L85:
										_t273 = _t453 + _t351 * 8;
										goto L89;
									}
									_t351 = _t272 & 0x3f;
									__eflags = _t351;
									goto L85;
								}
							}
							_t378 = _t452 + 0x9c;
							_t453 =  *_t378;
							goto L65;
						}
					}
					_t393 = E0114433B(__edx, __ecx, __ecx, _t453, __eflags);
					__eflags = _t393;
					if(_t393 != 0) {
						goto L5;
					} else {
						_v12 = 0xc000000d;
						goto L193;
					}
				} else {
					_t453 =  *0x1175724; // 0x0
					 *0x117b1e0(__ecx, __edx);
					_t265 =  *_t453();
					L201:
					return E010CB640(_t265, _t395, _v8 ^ _t455, _t441, _t452, _t453);
				}
			}





















































































                                      0x0112eb97
                                      0x0112eb99
                                      0x0112eb9f
                                      0x0112eba1
                                      0x0112ebaa
                                      0x0112ebc3
                                      0x0112ebcd
                                      0x0112ebd5
                                      0x0112ebd7
                                      0x0112ebf0
                                      0x0112ebf0
                                      0x0112ebf4
                                      0x0112ebf6
                                      0x0112ebf9
                                      0x0112ebfb
                                      0x0112ec04
                                      0x0112ec08
                                      0x0112ec0e
                                      0x00000000
                                      0x00000000
                                      0x0112ec16
                                      0x0112ec16
                                      0x0112ec19
                                      0x0112ec3a
                                      0x0112ec3a
                                      0x0112ec3e
                                      0x0112ec4d
                                      0x0112ec50
                                      0x0112ec52
                                      0x0112ec58
                                      0x0112ec5a
                                      0x0112ec5d
                                      0x0112ec5f
                                      0x0112ec5f
                                      0x0112ec64
                                      0x0112ec68
                                      0x0112ec73
                                      0x0112ec73
                                      0x0112ec7e
                                      0x0112ec7f
                                      0x0112ec81
                                      0x0112ec8b
                                      0x0112ec91
                                      0x00000000
                                      0x00000000
                                      0x0112ec97
                                      0x00000000
                                      0x0112ec97
                                      0x0112ec83
                                      0x00000000
                                      0x0112ec6a
                                      0x0112ec6a
                                      0x0112ec6d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0112ec6d
                                      0x0112ec68
                                      0x0112ec40
                                      0x0112ec43
                                      0x00000000
                                      0x00000000
                                      0x0112ec45
                                      0x00000000
                                      0x0112ec1b
                                      0x0112ec1b
                                      0x0112ec22
                                      0x0112ec2c
                                      0x0112ec2c
                                      0x0112ec24
                                      0x0112ec24
                                      0x0112ec24
                                      0x0112ec2e
                                      0x0112ec30
                                      0x00000000
                                      0x0112ec36
                                      0x0112ec36
                                      0x00000000
                                      0x0112ec36
                                      0x0112ec30
                                      0x0112ebfd
                                      0x0112ebfd
                                      0x0112edd2
                                      0x0112edd2
                                      0x0112edd4
                                      0x0112edd6
                                      0x0112edf0
                                      0x0112edf6
                                      0x0112ee00
                                      0x0112ee00
                                      0x0112edf8
                                      0x0112edf8
                                      0x0112edf8
                                      0x0112ee02
                                      0x0112ee04
                                      0x0112ef6c
                                      0x0112ef71
                                      0x00000000
                                      0x0112ee0a
                                      0x0112ee0a
                                      0x0112ee0c
                                      0x0112ee0f
                                      0x0112ee20
                                      0x0112ee11
                                      0x0112ee11
                                      0x0112ee13
                                      0x0112ee16
                                      0x0112ee18
                                      0x0112ee18
                                      0x0112ee18
                                      0x0112ee1b
                                      0x0112ee1b
                                      0x0112ee29
                                      0x0112ee2c
                                      0x0112ee30
                                      0x0112ee3d
                                      0x0112ee43
                                      0x0112ee46
                                      0x0112ee49
                                      0x0112ee4c
                                      0x0112ee4e
                                      0x0112ee4e
                                      0x0112ee53
                                      0x0112ee53
                                      0x0112ee65
                                      0x0112ee6b
                                      0x0112ee90
                                      0x0112ee90
                                      0x0112ee92
                                      0x0112f23e
                                      0x0112f23e
                                      0x0112f243
                                      0x0112f245
                                      0x0112f257
                                      0x0112f247
                                      0x0112f250
                                      0x0112f250
                                      0x0112f25c
                                      0x0112f25f
                                      0x0112f261
                                      0x0112f267
                                      0x0112f26e
                                      0x0112f270
                                      0x0112f277
                                      0x0112f27b
                                      0x0112f27b
                                      0x0112f277
                                      0x0112f26e
                                      0x0112f280
                                      0x00000000
                                      0x0112f280
                                      0x0112ee98
                                      0x0112ee9b
                                      0x0112ee9d
                                      0x0112eeaa
                                      0x0112eeac
                                      0x0112eeb4
                                      0x0112eeb6
                                      0x0112eeb9
                                      0x0112eec0
                                      0x0112eec1
                                      0x0112eec5
                                      0x0112eecb
                                      0x0112eed5
                                      0x0112eed5
                                      0x0112eecd
                                      0x0112eecd
                                      0x0112eecd
                                      0x0112eed7
                                      0x0112eed9
                                      0x0112ef00
                                      0x0112ef09
                                      0x0112ef0c
                                      0x0112ef0e
                                      0x0112f1f7
                                      0x0112f1f9
                                      0x0112f1fd
                                      0x0112f20e
                                      0x0112f1ff
                                      0x0112f1ff
                                      0x0112f201
                                      0x0112f204
                                      0x0112f206
                                      0x0112f206
                                      0x0112f206
                                      0x0112f209
                                      0x0112f209
                                      0x0112f21b
                                      0x0112f221
                                      0x0112f226
                                      0x0112f22a
                                      0x0112f22e
                                      0x00000000
                                      0x0112f22e
                                      0x0112ef14
                                      0x0112ef17
                                      0x0112ef19
                                      0x0112ef26
                                      0x0112ef28
                                      0x0112ef30
                                      0x0112ef32
                                      0x0112ef35
                                      0x0112ef37
                                      0x0112ef3a
                                      0x0112ef3d
                                      0x0112f0ea
                                      0x0112f0ee
                                      0x0112f0ff
                                      0x0112f0f0
                                      0x0112f0f0
                                      0x0112f0f2
                                      0x0112f0f5
                                      0x0112f0f7
                                      0x0112f0f7
                                      0x0112f0f7
                                      0x0112f0fa
                                      0x0112f0fa
                                      0x0112f10a
                                      0x0112f10e
                                      0x0112f113
                                      0x0112f116
                                      0x0112f11a
                                      0x0112f11e
                                      0x0112f133
                                      0x0112f120
                                      0x0112f120
                                      0x0112f122
                                      0x0112f125
                                      0x0112f127
                                      0x0112f127
                                      0x0112f127
                                      0x0112f12a
                                      0x0112f12d
                                      0x0112f12d
                                      0x0112f136
                                      0x0112f139
                                      0x0112f13c
                                      0x0112f13e
                                      0x0112f140
                                      0x0112f140
                                      0x0112f143
                                      0x0112f146
                                      0x0112f146
                                      0x0112f14a
                                      0x0112f15f
                                      0x0112f162
                                      0x0112f14c
                                      0x0112f14c
                                      0x0112f14e
                                      0x0112f151
                                      0x0112f153
                                      0x0112f153
                                      0x0112f153
                                      0x0112f156
                                      0x0112f15a
                                      0x0112f15a
                                      0x0112f165
                                      0x0112f167
                                      0x0112f1a9
                                      0x0112f1af
                                      0x0112f1b2
                                      0x0112f1b9
                                      0x0112f1bf
                                      0x0112f1bb
                                      0x0112f1bb
                                      0x0112f1bb
                                      0x0112f1c3
                                      0x0112f169
                                      0x0112f169
                                      0x0112f16d
                                      0x0112f175
                                      0x0112f17b
                                      0x0112f17f
                                      0x0112f186
                                      0x0112f18d
                                      0x0112f193
                                      0x0112f18f
                                      0x0112f18f
                                      0x0112f18f
                                      0x0112f197
                                      0x0112f19b
                                      0x0112f1a4
                                      0x0112f1a4
                                      0x0112f1c7
                                      0x0112f1cb
                                      0x0112f1e0
                                      0x0112f1e3
                                      0x0112f1cd
                                      0x0112f1cd
                                      0x0112f1cf
                                      0x0112f1d2
                                      0x0112f1d4
                                      0x0112f1d4
                                      0x0112f1d4
                                      0x0112f1d7
                                      0x0112f1db
                                      0x0112f1db
                                      0x0112f1ee
                                      0x00000000
                                      0x0112f1ee
                                      0x0112ef43
                                      0x0112ef46
                                      0x0112f0d0
                                      0x0112f0d5
                                      0x0112f0da
                                      0x0112f0de
                                      0x0112f0e1
                                      0x00000000
                                      0x0112f0e1
                                      0x0112ef4c
                                      0x0112ef4f
                                      0x0112ef7b
                                      0x0112ef7e
                                      0x0112ef80
                                      0x0112ef96
                                      0x0112ef82
                                      0x0112ef82
                                      0x0112ef84
                                      0x0112ef87
                                      0x0112ef89
                                      0x0112ef8b
                                      0x0112ef8b
                                      0x0112ef8b
                                      0x0112ef8e
                                      0x0112ef91
                                      0x0112ef91
                                      0x0112ef99
                                      0x0112ef9c
                                      0x0112ef9f
                                      0x0112efad
                                      0x0112efb0
                                      0x0112efc3
                                      0x0112efc5
                                      0x0112efcf
                                      0x0112efd1
                                      0x0112effa
                                      0x0112effc
                                      0x0112f00d
                                      0x0112effe
                                      0x0112effe
                                      0x0112f000
                                      0x0112f003
                                      0x0112f005
                                      0x0112f005
                                      0x0112f005
                                      0x0112f008
                                      0x0112f008
                                      0x0112efd3
                                      0x0112efe0
                                      0x0112efe2
                                      0x0112efe5
                                      0x0112eff0
                                      0x0112eff0
                                      0x0112eff2
                                      0x0112efe7
                                      0x0112efe7
                                      0x0112efe7
                                      0x0112eff4
                                      0x0112eff4
                                      0x0112f016
                                      0x0112efc7
                                      0x0112efca
                                      0x0112efca
                                      0x0112efb2
                                      0x0112efb8
                                      0x0112efb8
                                      0x0112efa1
                                      0x0112efa9
                                      0x0112efa9
                                      0x0112f025
                                      0x0112f02b
                                      0x0112f031
                                      0x0112f035
                                      0x0112f038
                                      0x0112f03b
                                      0x0112f049
                                      0x0112f04c
                                      0x0112f05f
                                      0x0112f061
                                      0x0112f06b
                                      0x0112f06d
                                      0x0112f096
                                      0x0112f09a
                                      0x0112f0ab
                                      0x0112f09c
                                      0x0112f09c
                                      0x0112f09e
                                      0x0112f0a1
                                      0x0112f0a3
                                      0x0112f0a3
                                      0x0112f0a3
                                      0x0112f0a6
                                      0x0112f0a6
                                      0x0112f06f
                                      0x0112f07c
                                      0x0112f07e
                                      0x0112f081
                                      0x0112f08c
                                      0x0112f08c
                                      0x0112f08e
                                      0x0112f083
                                      0x0112f083
                                      0x0112f083
                                      0x0112f090
                                      0x0112f090
                                      0x0112f0b4
                                      0x0112f063
                                      0x0112f066
                                      0x0112f066
                                      0x0112f04e
                                      0x0112f054
                                      0x0112f054
                                      0x0112f03d
                                      0x0112f045
                                      0x0112f045
                                      0x0112f0b8
                                      0x0112f0be
                                      0x0112f0bf
                                      0x0112f0c2
                                      0x0112f0c4
                                      0x0112f0c6
                                      0x0112f0c6
                                      0x0112f0c9
                                      0x00000000
                                      0x0112f0c9
                                      0x0112ef54
                                      0x00000000
                                      0x0112ef54
                                      0x0112ef2a
                                      0x0112ef21
                                      0x0112ef21
                                      0x00000000
                                      0x0112ef21
                                      0x0112ef1e
                                      0x0112ef1e
                                      0x00000000
                                      0x0112eedb
                                      0x0112eedc
                                      0x0112eede
                                      0x0112eee0
                                      0x0112eee5
                                      0x0112eee7
                                      0x0112eeff
                                      0x00000000
                                      0x0112eeff
                                      0x0112eeee
                                      0x0112eef2
                                      0x00000000
                                      0x00000000
                                      0x0112eca2
                                      0x0112eca4
                                      0x0112eca5
                                      0x0112eca5
                                      0x0112ecab
                                      0x0112ecb5
                                      0x0112ecb5
                                      0x0112ecad
                                      0x0112ecad
                                      0x0112ecad
                                      0x0112ecb7
                                      0x0112ecb9
                                      0x0112ecd8
                                      0x0112ecd8
                                      0x0112ecdc
                                      0x0112ecde
                                      0x0112ed59
                                      0x0112ed5c
                                      0x0112ed60
                                      0x0112ed71
                                      0x0112ed62
                                      0x0112ed62
                                      0x0112ed64
                                      0x0112ed67
                                      0x0112ed69
                                      0x0112ed69
                                      0x0112ed69
                                      0x0112ed6c
                                      0x0112ed6c
                                      0x0112ed74
                                      0x0112ed77
                                      0x0112ed79
                                      0x0112ed93
                                      0x0112ed7b
                                      0x0112ed8b
                                      0x0112ed8b
                                      0x0112ed95
                                      0x0112ed97
                                      0x0112f237
                                      0x0112f237
                                      0x00000000
                                      0x0112ed9d
                                      0x0112ed9d
                                      0x0112eda1
                                      0x0112ee8a
                                      0x0112ee8d
                                      0x0112ee8d
                                      0x00000000
                                      0x0112ee8d
                                      0x0112eda7
                                      0x0112edaf
                                      0x0112edb2
                                      0x0112ee73
                                      0x0112ee78
                                      0x0112ee7c
                                      0x0112ee7e
                                      0x0112ee81
                                      0x00000000
                                      0x0112ee81
                                      0x0112edb8
                                      0x0112edc1
                                      0x0112edc3
                                      0x0112edcd
                                      0x0112edcf
                                      0x0112edd0
                                      0x0112edd0
                                      0x0112edd0
                                      0x00000000
                                      0x0112edd0
                                      0x0112edc7
                                      0x0112edca
                                      0x00000000
                                      0x0112edca
                                      0x0112ed97
                                      0x0112ece0
                                      0x0112ece3
                                      0x0112ece7
                                      0x0112ecf0
                                      0x0112ecf0
                                      0x0112ecf0
                                      0x0112ecf5
                                      0x0112ecf8
                                      0x0112ed08
                                      0x0112ed0b
                                      0x0112ed0d
                                      0x0112ed2a
                                      0x0112ed0f
                                      0x0112ed1d
                                      0x0112ed1f
                                      0x0112ed22
                                      0x0112ed22
                                      0x0112ed2c
                                      0x0112ed2e
                                      0x00000000
                                      0x0112ed34
                                      0x0112ed34
                                      0x0112ed37
                                      0x00000000
                                      0x00000000
                                      0x0112ed39
                                      0x0112ed3d
                                      0x0112ed4e
                                      0x0112ed3f
                                      0x0112ed3f
                                      0x0112ed41
                                      0x0112ed44
                                      0x0112ed46
                                      0x0112ed46
                                      0x0112ed46
                                      0x0112ed49
                                      0x0112ed49
                                      0x0112ed51
                                      0x00000000
                                      0x0112ed51
                                      0x0112ecfa
                                      0x0112ecfa
                                      0x0112ecfd
                                      0x0112ede0
                                      0x0112ede0
                                      0x0112ede2
                                      0x0112ef5d
                                      0x00000000
                                      0x0112ef5d
                                      0x0112ede8
                                      0x00000000
                                      0x0112ede8
                                      0x0112ecbb
                                      0x0112ecbc
                                      0x0112ecc0
                                      0x0112ecc5
                                      0x0112ecc7
                                      0x00000000
                                      0x00000000
                                      0x0112ecce
                                      0x0112ecd2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0112ecd2
                                      0x0112ecb9
                                      0x0112eed9
                                      0x0112eeae
                                      0x0112eea5
                                      0x0112eea5
                                      0x00000000
                                      0x0112eea5
                                      0x0112eea2
                                      0x0112eea2
                                      0x00000000
                                      0x0112eea2
                                      0x0112ee04
                                      0x0112edd8
                                      0x0112edde
                                      0x00000000
                                      0x0112edde
                                      0x0112ebfb
                                      0x0112ebdb
                                      0x0112ebe0
                                      0x0112ebe2
                                      0x00000000
                                      0x0112ebe4
                                      0x0112ebe4
                                      0x00000000
                                      0x0112ebe4
                                      0x0112ebac
                                      0x0112ebac
                                      0x0112ebb6
                                      0x0112ebbc
                                      0x0112f283
                                      0x0112f293
                                      0x0112f293

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: @
                                      • API String ID: 3446177414-2766056989
                                      • Opcode ID: 354ec52c5b7aefdf83f839c669ffd769ced5f04d60bc4f2d4dffc9371ad4ffba
                                      • Instruction ID: 9a330433538b4292e48143d01089cc9b999a49116f00e6ea4b1801868644a9a1
                                      • Opcode Fuzzy Hash: 354ec52c5b7aefdf83f839c669ffd769ced5f04d60bc4f2d4dffc9371ad4ffba
                                      • Instruction Fuzzy Hash: 7332C0702056768BEB2DCF2DC090772BBF1BF05300F18845AE9868B286D735E476CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01098794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 83%
                                      			E01098794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0109934A() != 0) {
								_t159 = E0110A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1175780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01105510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1175780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0109849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01098999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01098999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1175c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1175c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E010A2280(_t92, 0x11786cc);
															_t94 = E01159DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E010B61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1175c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01098A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1175c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1175c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E010CF380(_t136, 0x1061184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E010A2280(_t108, 0x11786cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E010B61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01159D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0109FFB0(_t118, _t156, 0x11786cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E010C9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                      0x01098799
                                      0x0109879d
                                      0x010987a1
                                      0x010987a3
                                      0x010987a8
                                      0x010987c3
                                      0x010987c3
                                      0x010987c8
                                      0x010987d1
                                      0x010987d4
                                      0x010987d8
                                      0x010987e5
                                      0x010987ec
                                      0x010e9bfe
                                      0x010e9c00
                                      0x010e9c02
                                      0x010e9c08
                                      0x010e9c0d
                                      0x010e9c0f
                                      0x010e9c14
                                      0x010e9c2d
                                      0x010e9c32
                                      0x010e9c37
                                      0x010e9c3a
                                      0x010e9c3c
                                      0x010e9c42
                                      0x010e9c42
                                      0x010e9c3c
                                      0x010e9c02
                                      0x010987da
                                      0x010987df
                                      0x010987e3
                                      0x00000000
                                      0x00000000
                                      0x010987e3
                                      0x010987f2
                                      0x00000000
                                      0x010987fb
                                      0x010987fd
                                      0x010987fe
                                      0x0109880e
                                      0x0109880f
                                      0x01098810
                                      0x01098814
                                      0x0109881a
                                      0x0109881c
                                      0x0109881f
                                      0x01098821
                                      0x01098822
                                      0x01098824
                                      0x01098826
                                      0x0109882c
                                      0x0109882e
                                      0x010e9c48
                                      0x010e9c48
                                      0x01098834
                                      0x01098834
                                      0x01098837
                                      0x00000000
                                      0x00000000
                                      0x01098837
                                      0x0109882e
                                      0x0109883d
                                      0x01098840
                                      0x01098843
                                      0x01098846
                                      0x01098849
                                      0x0109884c
                                      0x0109884e
                                      0x01098850
                                      0x01098852
                                      0x01098854
                                      0x01098857
                                      0x010988b4
                                      0x010988b6
                                      0x010988b6
                                      0x01098859
                                      0x01098859
                                      0x01098859
                                      0x01098861
                                      0x01098866
                                      0x0109886a
                                      0x0109893d
                                      0x01098941
                                      0x00000000
                                      0x01098947
                                      0x01098947
                                      0x0109894a
                                      0x0109894c
                                      0x00000000
                                      0x01098952
                                      0x01098955
                                      0x0109895a
                                      0x0109895d
                                      0x0109895d
                                      0x0109895f
                                      0x01098961
                                      0x01098961
                                      0x01098968
                                      0x00000000
                                      0x00000000
                                      0x0109896a
                                      0x0109896b
                                      0x0109896e
                                      0x00000000
                                      0x01098970
                                      0x01098970
                                      0x01098970
                                      0x01098970
                                      0x01098972
                                      0x01098972
                                      0x01098974
                                      0x00000000
                                      0x0109897a
                                      0x0109897a
                                      0x0109897d
                                      0x00000000
                                      0x01098983
                                      0x010e9c65
                                      0x010e9c6d
                                      0x010e9c72
                                      0x010e9c75
                                      0x010e9c75
                                      0x010e9c82
                                      0x010e9c86
                                      0x010e9c87
                                      0x010e9c88
                                      0x010e9c89
                                      0x010e9c8c
                                      0x010e9c90
                                      0x010e9c95
                                      0x010e9c97
                                      0x010e9ca0
                                      0x010e9ca3
                                      0x010e9ca9
                                      0x010e9ca9
                                      0x00000000
                                      0x010e9ca9
                                      0x010e9ca3
                                      0x00000000
                                      0x010e9c97
                                      0x0109897d
                                      0x00000000
                                      0x01098974
                                      0x01098988
                                      0x01098992
                                      0x01098996
                                      0x00000000
                                      0x01098996
                                      0x0109894c
                                      0x00000000
                                      0x01098870
                                      0x0109887b
                                      0x0109887d
                                      0x0109887f
                                      0x01098881
                                      0x01098884
                                      0x01098884
                                      0x01098886
                                      0x01098889
                                      0x0109888c
                                      0x0109888e
                                      0x01098891
                                      0x01098891
                                      0x01098898
                                      0x00000000
                                      0x00000000
                                      0x0109889a
                                      0x0109889b
                                      0x0109889e
                                      0x00000000
                                      0x00000000
                                      0x010988a0
                                      0x010988a8
                                      0x010988b0
                                      0x010988b2
                                      0x010988d3
                                      0x010988d5
                                      0x00000000
                                      0x010988d7
                                      0x010988db
                                      0x010988dc
                                      0x010988e0
                                      0x010988e8
                                      0x010988ee
                                      0x010988f0
                                      0x010988f3
                                      0x010988fc
                                      0x01098901
                                      0x01098906
                                      0x0109890c
                                      0x0109890c
                                      0x0109890f
                                      0x01098916
                                      0x01098917
                                      0x01098918
                                      0x01098919
                                      0x0109891a
                                      0x0109891f
                                      0x01098921
                                      0x010e9c52
                                      0x010e9c55
                                      0x010e9c5b
                                      0x010e9cac
                                      0x010e9cc0
                                      0x010e9cc0
                                      0x010e9c55
                                      0x01098927
                                      0x01098927
                                      0x0109892f
                                      0x01098933
                                      0x00000000
                                      0x010988f5
                                      0x010988f5
                                      0x00000000
                                      0x010988f7
                                      0x010988f7
                                      0x010988fa
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010988fa
                                      0x010988f5
                                      0x010988f3
                                      0x00000000
                                      0x010988d5
                                      0x00000000
                                      0x010988b2
                                      0x010988c9
                                      0x00000000
                                      0x010988c9
                                      0x0109887f
                                      0x0109886a
                                      0x01098857
                                      0x01098852
                                      0x010988bf
                                      0x010988bf
                                      0x010987aa
                                      0x010987ad
                                      0x010987ae
                                      0x010987b4
                                      0x010987b5
                                      0x010987b6
                                      0x010987b8
                                      0x010987bd
                                      0x010987c1
                                      0x010987f4
                                      0x010987fa
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010987c1
                                      0x00000000

                                      Strings
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 010E9C28
                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 010E9C18
                                      • LdrpDoPostSnapWork, xrefs: 010E9C1E
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 0-1948996284
                                      • Opcode ID: 5e2493c62a234bb6ecbcfeb70b0149bd92e93facb84df51546e3f7a0df2e2755
                                      • Instruction ID: 6586839ab008fbc545ce534ad5fbb018c98c1edbac6b65d4fd63a8edac62409c
                                      • Opcode Fuzzy Hash: 5e2493c62a234bb6ecbcfeb70b0149bd92e93facb84df51546e3f7a0df2e2755
                                      • Instruction Fuzzy Hash: DF910331A0020EEFDF58DF59C4A0AAEB7F5FF46314B4480AAD985AB340D730E941DBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01088239 Relevance: 4.0, Strings: 3, Instructions: 233COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 73%
                                      			E01088239(signed int* __ecx, char* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				intOrPtr _v568;
				char _v572;
				intOrPtr _v576;
				short _v578;
				char _v580;
				signed int _v584;
				intOrPtr _v586;
				char _v588;
				char* _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				char* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				char _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				char* _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t94;
				char* _t99;
				intOrPtr _t118;
				intOrPtr _t122;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				intOrPtr _t138;
				intOrPtr _t143;
				intOrPtr _t145;
				intOrPtr _t148;
				signed int _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x117d360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E01096D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E010CB640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E010C9650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E01096D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(E0109AA20( &_v560,  &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E010C9820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E010C9600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E01096D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E010C95D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E010C9650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
									}
									_t147 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
									if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
										_t122 =  *0x1177b9c; // 0x0
										_t150 = E010A4620(_t147, _t147, _t122 + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(E01099660( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E010C95D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E010C95D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

















































                                      0x01088239
                                      0x0108824b
                                      0x0108824e
                                      0x0108825d
                                      0x01088260
                                      0x0108826e
                                      0x01088275
                                      0x0108827b
                                      0x0108827d
                                      0x01088287
                                      0x01088294
                                      0x010882ce
                                      0x010882de
                                      0x010882de
                                      0x0108829c
                                      0x0108829d
                                      0x010882a8
                                      0x010882a9
                                      0x010882b1
                                      0x010882b2
                                      0x010882b4
                                      0x010882bb
                                      0x010e2dfa
                                      0x010882cc
                                      0x010882cc
                                      0x010e2e19
                                      0x010e2e19
                                      0x010e2e1b
                                      0x010e2e1e
                                      0x010e2e30
                                      0x010e2e3d
                                      0x00000000
                                      0x00000000
                                      0x010e2e5a
                                      0x010e2e61
                                      0x010e2e68
                                      0x010e2e72
                                      0x010e2e72
                                      0x010e2e78
                                      0x010e2e7e
                                      0x010e2e80
                                      0x010e2e86
                                      0x010e2e8c
                                      0x010e2e8c
                                      0x010e2e92
                                      0x010e2e93
                                      0x010e2e99
                                      0x010e2e9a
                                      0x010e2e9c
                                      0x010e2e9d
                                      0x010e2ea4
                                      0x010e2ea8
                                      0x00000000
                                      0x00000000
                                      0x010e2eae
                                      0x010e2eb8
                                      0x010e2ec3
                                      0x010e2eca
                                      0x010e2ed1
                                      0x010e2edb
                                      0x010e2ee3
                                      0x010e2eef
                                      0x010e2efb
                                      0x010e2efc
                                      0x010e2f08
                                      0x010e2f12
                                      0x010e2f13
                                      0x010e2f22
                                      0x010e2f26
                                      0x00000000
                                      0x00000000
                                      0x010e2f3d
                                      0x010e2f41
                                      0x010e3069
                                      0x010e3069
                                      0x010e306f
                                      0x00000000
                                      0x010e306f
                                      0x010e2f47
                                      0x010e2f4d
                                      0x010e2f53
                                      0x010e2f59
                                      0x010e2f5a
                                      0x010e2f5b
                                      0x010e2f5c
                                      0x010e2f64
                                      0x010e2f65
                                      0x010e2f70
                                      0x010e2f78
                                      0x010e2f84
                                      0x010e2f92
                                      0x010e2f92
                                      0x010e2f9d
                                      0x010e2fa2
                                      0x010e2fed
                                      0x010e3004
                                      0x010e3008
                                      0x00000000
                                      0x00000000
                                      0x010e300a
                                      0x010e3010
                                      0x010e3012
                                      0x010e3018
                                      0x00000000
                                      0x010e2fa4
                                      0x010e2fa4
                                      0x010e2fa6
                                      0x010e2fa6
                                      0x00000000
                                      0x010e2fa6
                                      0x010e2fab
                                      0x010e2fab
                                      0x010e2fab
                                      0x010e2fab
                                      0x010e2fb1
                                      0x010e2fb1
                                      0x010e2fc1
                                      0x010e2fc7
                                      0x010e2fcf
                                      0x010e3020
                                      0x010e302a
                                      0x00000000
                                      0x00000000
                                      0x010e302c
                                      0x010e3034
                                      0x00000000
                                      0x00000000
                                      0x010e3036
                                      0x010e3039
                                      0x010e3040
                                      0x010e304a
                                      0x010e3067
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e3067
                                      0x010e2fd1
                                      0x010e2fd7
                                      0x010e2fdc
                                      0x010e2fe4
                                      0x010e2fe6
                                      0x010e3074
                                      0x010e307a
                                      0x010e3080
                                      0x010e3081
                                      0x010e3087
                                      0x010e3091
                                      0x010e309f
                                      0x010e309f
                                      0x010e30a6
                                      0x010e30a8
                                      0x010e30aa
                                      0x010e30b5
                                      0x010e30b5
                                      0x010e30b7
                                      0x010e30bf
                                      0x010e30c1
                                      0x010e30c1
                                      0x00000000
                                      0x010e2dfa
                                      0x010882c6
                                      0x010e2ddd
                                      0x00000000
                                      0x00000000
                                      0x010e2de8
                                      0x00000000
                                      0x00000000
                                      0x010e2dee
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: FilterFullPath$UseFilter$\??\
                                      • API String ID: 0-2779062949
                                      • Opcode ID: 8d39314646b76356cc2fa569f5f62547adaf37b68924c33e0089045bede582b5
                                      • Instruction ID: 221acf8214e11f177def54abe7bccdbef16852cc2b593c5f1f0140a2d91cdb55
                                      • Opcode Fuzzy Hash: 8d39314646b76356cc2fa569f5f62547adaf37b68924c33e0089045bede582b5
                                      • Instruction Fuzzy Hash: 18A15B319016299FDB31DB69CC88BEEBBB8EF44714F1041EAE948A7250D7359E84CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E010BAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E010DD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x1178a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E010C96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E01133C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E010C96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E0108B150();
							} else {
								E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E0108B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E011414FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E010A7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E01141411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E010A7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E01141411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                      0x010bac85
                                      0x010bac88
                                      0x010bac8a
                                      0x010bac8d
                                      0x010bac91
                                      0x010bac99
                                      0x010bac9c
                                      0x010f9f57
                                      0x010f9f5b
                                      0x010f9f60
                                      0x010f9f60
                                      0x010baca8
                                      0x010bacae
                                      0x010bacda
                                      0x010bacde
                                      0x010bace8
                                      0x010baceb
                                      0x010bacee
                                      0x00000000
                                      0x010bacee
                                      0x010bacf6
                                      0x010bacb0
                                      0x010bacb0
                                      0x010bacbb
                                      0x010bacbd
                                      0x010bacc0
                                      0x010bacc5
                                      0x010badae
                                      0x010badb4
                                      0x010badb4
                                      0x010bacd4
                                      0x010bacd8
                                      0x010bacf9
                                      0x010bacff
                                      0x010bad04
                                      0x010bad08
                                      0x010bad09
                                      0x010bad10
                                      0x010bad12
                                      0x010bad18
                                      0x010f9f6f
                                      0x010f9f74
                                      0x010f9f76
                                      0x010f9f7c
                                      0x010f9f84
                                      0x010f9f88
                                      0x010f9f89
                                      0x010f9f90
                                      0x010f9f90
                                      0x010f9f76
                                      0x010bad1e
                                      0x010bad24
                                      0x010bad26
                                      0x010fa097
                                      0x010fa09b
                                      0x010fa0ba
                                      0x010fa0bf
                                      0x010fa09d
                                      0x010fa0b2
                                      0x010fa0b7
                                      0x010fa0c5
                                      0x010fa0c8
                                      0x010fa0cb
                                      0x010fa0d2
                                      0x00000000
                                      0x010bad2c
                                      0x010bad2c
                                      0x010bad2f
                                      0x010bad34
                                      0x010bad36
                                      0x010f9f97
                                      0x010f9f9a
                                      0x00000000
                                      0x00000000
                                      0x010f9fa9
                                      0x010bad3e
                                      0x010bad3e
                                      0x010bad41
                                      0x010f9fb3
                                      0x010f9fb9
                                      0x010f9fc0
                                      0x010f9fd0
                                      0x010f9fd0
                                      0x010f9fc0
                                      0x010bad4a
                                      0x010bad50
                                      0x010bad5c
                                      0x010bad62
                                      0x010bad68
                                      0x010bad6b
                                      0x010bad6d
                                      0x010f9fda
                                      0x010f9fdd
                                      0x00000000
                                      0x00000000
                                      0x010f9fec
                                      0x00000000
                                      0x010bad73
                                      0x010bad73
                                      0x010bad73
                                      0x010bad75
                                      0x010bad75
                                      0x010bad78
                                      0x010f9ff6
                                      0x010f9ffc
                                      0x010fa003
                                      0x010fa00e
                                      0x010fa010
                                      0x010fa01b
                                      0x010fa01b
                                      0x010fa01b
                                      0x010fa038
                                      0x010fa038
                                      0x010fa003
                                      0x010bad84
                                      0x010bad89
                                      0x010bad8c
                                      0x010bad8e
                                      0x010fa042
                                      0x010fa045
                                      0x00000000
                                      0x00000000
                                      0x010fa054
                                      0x00000000
                                      0x010bad94
                                      0x010bad94
                                      0x010bad94
                                      0x010bad96
                                      0x010bad96
                                      0x010bad99
                                      0x010fa063
                                      0x010fa065
                                      0x010fa070
                                      0x010fa070
                                      0x010fa070
                                      0x010fa08d
                                      0x010fa08d
                                      0x010bada4
                                      0x010bada6
                                      0x00000000
                                      0x010bada6
                                      0x010bad8e
                                      0x010bad6d
                                      0x010bad3c
                                      0x010bad3c
                                      0x00000000
                                      0x010bad3c
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010bacd8

                                      Strings
                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 010FA0CD
                                      • HEAP[%wZ]: , xrefs: 010FA0AD
                                      • HEAP: , xrefs: 010FA0BA
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                      • API String ID: 0-1340214556
                                      • Opcode ID: 8d5baacea2cdbccf16122e1041a22f8621f9177f5b791e000fb9013183a84a12
                                      • Instruction ID: 13ab3d089999b30b73f40e52062b7e151a20e09044f0cc93e0f5c0addf332a02
                                      • Opcode Fuzzy Hash: 8d5baacea2cdbccf16122e1041a22f8621f9177f5b791e000fb9013183a84a12
                                      • Instruction Fuzzy Hash: E181E631304685EFD726DBA8C885BAABBF8FF04714F0441A9E6D68B792D774E940CB10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E010AB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0114A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x1178748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E0108B150();
					__eflags =  *0x1177bc8;
					if(__eflags == 0) {
						E01142073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0114A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x1178720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x1178720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E010AB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0114A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E010AE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                      0x010ab746
                                      0x010ab74b
                                      0x010ab74d
                                      0x010ab750
                                      0x010ab755
                                      0x010ab758
                                      0x010ab758
                                      0x010ab75e
                                      0x010ab763
                                      0x010ab764
                                      0x010ab76a
                                      0x010ab76d
                                      0x010ab771
                                      0x010ab776
                                      0x010ab85c
                                      0x010ab85d
                                      0x010ab860
                                      0x010ab865
                                      0x010f2ba1
                                      0x010f2ba2
                                      0x010f2ba9
                                      0x010f2bae
                                      0x010f2bae
                                      0x010ab77c
                                      0x010ab77c
                                      0x010ab77c
                                      0x010ab785
                                      0x010ab788
                                      0x010f2bb6
                                      0x010f2bb9
                                      0x00000000
                                      0x00000000
                                      0x010f2bbf
                                      0x010f2bc5
                                      0x010f2bc9
                                      0x010f2be8
                                      0x010f2bed
                                      0x010f2bcb
                                      0x010f2be0
                                      0x010f2be5
                                      0x010f2bf3
                                      0x010f2bf8
                                      0x010f2bfd
                                      0x010f2c05
                                      0x010f2c0e
                                      0x010f2c0e
                                      0x00000000
                                      0x010ab78e
                                      0x010ab78e
                                      0x010ab78e
                                      0x010ab791
                                      0x010ab791
                                      0x010ab797
                                      0x010ab797
                                      0x010ab79f
                                      0x010ab7a9
                                      0x010ab7af
                                      0x010ab7af
                                      0x010ab7b1
                                      0x010ab7b6
                                      0x010ab7e2
                                      0x010ab7e2
                                      0x010ab7e7
                                      0x010ab880
                                      0x010ab7ed
                                      0x010ab7ed
                                      0x010ab7ed
                                      0x010ab7ef
                                      0x010ab7f2
                                      0x010ab7f2
                                      0x010ab7f5
                                      0x010ab7fa
                                      0x010f2c2d
                                      0x010f2c2e
                                      0x010f2c39
                                      0x010ab800
                                      0x010ab800
                                      0x010ab802
                                      0x010ab805
                                      0x010ab808
                                      0x010ab808
                                      0x010ab80a
                                      0x010ab80d
                                      0x010ab816
                                      0x010ab81c
                                      0x010ab822
                                      0x010ab82f
                                      0x010ab88b
                                      0x010ab892
                                      0x010ab897
                                      0x010ab899
                                      0x010ab89b
                                      0x010ab89e
                                      0x010ab8a5
                                      0x010ab8a8
                                      0x010ab8aa
                                      0x010ab8ac
                                      0x010ab8ac
                                      0x010ab8aa
                                      0x010ab892
                                      0x010ab831
                                      0x010ab839
                                      0x010ab83b
                                      0x010ab83b
                                      0x010ab844
                                      0x010ab84b
                                      0x010ab852
                                      0x010ab7b8
                                      0x010ab7ba
                                      0x010ab7bf
                                      0x010ab7c4
                                      0x010f2c18
                                      0x010f2c19
                                      0x010f2c23
                                      0x010ab7ca
                                      0x010ab7ca
                                      0x010ab7cc
                                      0x010ab7cf
                                      0x010ab7d1
                                      0x010ab7d1
                                      0x010ab7d4
                                      0x010ab7dc
                                      0x010ab8bb
                                      0x010ab8bb
                                      0x010ab8be
                                      0x010ab8be
                                      0x010ab8c1
                                      0x00000000
                                      0x00000000
                                      0x010ab8c3
                                      0x010ab8c5
                                      0x010ab8c7
                                      0x010ab8e0
                                      0x00000000
                                      0x010ab8e0
                                      0x010ab8cc
                                      0x010ab8cc
                                      0x00000000
                                      0x010ab8cc
                                      0x010ab8d6
                                      0x010ab8d6
                                      0x00000000
                                      0x010ab7dc
                                      0x010ab7b6

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-1334570610
                                      • Opcode ID: 2accf0b4a9ed5608bef6c7d0595af9cd6fa9527f43cc9a3677bf270132cb3d56
                                      • Instruction ID: ccb7fd0f34e2fc3699b791b69ee12860182b3cb78654c518516d86231b91f6f1
                                      • Opcode Fuzzy Hash: 2accf0b4a9ed5608bef6c7d0595af9cd6fa9527f43cc9a3677bf270132cb3d56
                                      • Instruction Fuzzy Hash: 7961E470600205DFDB69DF68C445BAABFE5FF44704F9885ADE88A8F241D770E891CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011323E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 64%
                                      			E011323E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x117874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x117874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E010DD4F0(_t83, 0x1066c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E0108B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1176378 = 1;
						asm("int3");
						 *0x1176378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                      0x011323e3
                                      0x011323e8
                                      0x011323eb
                                      0x011323ee
                                      0x011323f3
                                      0x0113259b
                                      0x0113259b
                                      0x0113259d
                                      0x011325a3
                                      0x011325a3
                                      0x011323fb
                                      0x01132424
                                      0x0113244f
                                      0x01132460
                                      0x01132451
                                      0x01132451
                                      0x01132456
                                      0x01132458
                                      0x01132458
                                      0x0113245b
                                      0x0113245b
                                      0x01132426
                                      0x01132431
                                      0x01132436
                                      0x01132443
                                      0x01132438
                                      0x01132438
                                      0x01132438
                                      0x01132445
                                      0x01132445
                                      0x01132463
                                      0x01132469
                                      0x0113246f
                                      0x01132480
                                      0x01132495
                                      0x011324a1
                                      0x011324ce
                                      0x011324df
                                      0x011324d0
                                      0x011324d0
                                      0x011324d5
                                      0x011324d7
                                      0x011324d7
                                      0x011324da
                                      0x011324da
                                      0x011324a3
                                      0x011324b0
                                      0x011324b5
                                      0x011324c2
                                      0x011324b7
                                      0x011324b7
                                      0x011324b7
                                      0x011324c4
                                      0x011324c4
                                      0x011324e8
                                      0x01132497
                                      0x0113249a
                                      0x0113249a
                                      0x01132482
                                      0x01132488
                                      0x01132488
                                      0x01132471
                                      0x01132479
                                      0x01132479
                                      0x011324ef
                                      0x011323fd
                                      0x01132401
                                      0x01132412
                                      0x01132403
                                      0x01132403
                                      0x01132408
                                      0x0113240a
                                      0x0113240a
                                      0x0113240d
                                      0x0113240d
                                      0x0113241b
                                      0x0113241b
                                      0x011324f1
                                      0x011324f6
                                      0x01132507
                                      0x01132510
                                      0x00000000
                                      0x01132510
                                      0x0113250b
                                      0x00000000
                                      0x011324f8
                                      0x011324f8
                                      0x011324fc
                                      0x01132500
                                      0x01132512
                                      0x01132515
                                      0x0113251a
                                      0x01132521
                                      0x01132524
                                      0x01132529
                                      0x0113252f
                                      0x00000000
                                      0x00000000
                                      0x0113253c
                                      0x0113255c
                                      0x01132561
                                      0x0113253e
                                      0x01132554
                                      0x01132559
                                      0x0113256a
                                      0x0113256d
                                      0x01132574
                                      0x01132586
                                      0x01132588
                                      0x0113258f
                                      0x01132590
                                      0x01132590
                                      0x01132597
                                      0x00000000
                                      0x01132597

                                      Strings
                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0113256F
                                      • HEAP[%wZ]: , xrefs: 0113254F
                                      • HEAP: , xrefs: 0113255C
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                      • API String ID: 0-3815128232
                                      • Opcode ID: 7d2628ce7baf0708a2a5f476c57a35ef49c743801839193b5282713aaea5a9a0
                                      • Instruction ID: a9bc3babdd83cdf7a46c6d35bc32fb47883c067e36a2c60d6908b8c2a48f5a90
                                      • Opcode Fuzzy Hash: 7d2628ce7baf0708a2a5f476c57a35ef49c743801839193b5282713aaea5a9a0
                                      • Instruction Fuzzy Hash: 7B512634204250CAE73CEE2EC8447B27BF1DBC4644F558859E8D68B289D33AD846DB21
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AEB9A Relevance: 3.9, Strings: 3, Instructions: 156COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E010AEB9A(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t62;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t77;
				signed int* _t91;
				intOrPtr _t92;
				signed int _t95;
				signed char _t109;
				signed int _t114;
				unsigned int _t119;
				intOrPtr* _t122;
				intOrPtr _t127;
				signed int _t130;
				void* _t135;

				_t92 = __ecx;
				_t122 = __edx;
				_v8 = __ecx;
				 *((intOrPtr*)(__ecx + 0xb4)) = __edx;
				if( *__edx != 0) {
					_t95 =  *((intOrPtr*)(__edx + 4)) -  *((intOrPtr*)(__edx + 0x14)) - 1;
					__eflags =  *(__edx + 8);
					if(__eflags != 0) {
						_t95 = _t95 + _t95;
					}
					 *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) =  *( *((intOrPtr*)(_t122 + 0x20)) + _t95 * 4) & 0x00000000;
					asm("btr eax, esi");
					_t92 = _v8;
				}
				_t62 = _t92 + 0xc0;
				_t127 =  *((intOrPtr*)(_t62 + 4));
				while(1) {
					L2:
					_v12 = _t127;
					if(_t62 == _t127) {
						break;
					}
					_t7 = _t127 - 8; // -8
					_t91 = _t7;
					if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
						_t119 =  *(_t92 + 0x50) ^  *_t91;
						 *_t91 = _t119;
						_t109 = _t119 >> 0x00000010 ^ _t119 >> 0x00000008 ^ _t119;
						if(_t119 >> 0x18 != _t109) {
							_push(_t109);
							E0113FA2B(_t91, _v8, _t91, _t122, _t127, __eflags);
						}
						_t92 = _v8;
					}
					_t114 =  *_t91 & 0x0000ffff;
					_t63 = _t122;
					_t135 = _t114 -  *((intOrPtr*)(_t122 + 4));
					while(1) {
						_v20 = _t63;
						if(_t135 < 0) {
							break;
						}
						_t130 =  *_t63;
						_v16 = _t130;
						_t127 = _v12;
						if(_t130 != 0) {
							_t63 = _v16;
							__eflags = _t114 -  *((intOrPtr*)(_t63 + 4));
							continue;
						}
						_v16 =  *((intOrPtr*)(_t63 + 4)) - 1;
						L10:
						if( *_t122 != 0) {
							_t64 =  *((intOrPtr*)(_t122 + 4));
							__eflags = _t114 - _t64;
							_t65 = _t64 - 1;
							__eflags = _t65;
							if(_t65 < 0) {
								_t65 = _t114;
							}
							E010ABC04(_t92, _t122, 1, _t127, _t65, _t114);
						}
						E010AE4A0(_v8, _v20, 1, _t127, _v16,  *_t91 & 0x0000ffff);
						if( *0x1178748 >= 1) {
							__eflags =  *( *((intOrPtr*)(_v20 + 0x1c)) + (_v16 -  *((intOrPtr*)(_v20 + 0x14)) >> 5) * 4) & 1 << (_v16 -  *((intOrPtr*)(_v20 + 0x14)) & 0x0000001f);
							if(__eflags == 0) {
								_t77 =  *[fs:0x30];
								__eflags =  *(_t77 + 0xc);
								if( *(_t77 + 0xc) == 0) {
									_push("HEAP: ");
									E0108B150();
								} else {
									E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))");
								E0108B150();
								__eflags =  *0x1177bc8;
								if(__eflags == 0) {
									__eflags = 1;
									E01142073(_t91, 1, _t122, 1);
								}
							}
							_t127 = _v12;
						}
						_t92 = _v8;
						if( *((intOrPtr*)(_t92 + 0x4c)) != 0) {
							_t91[0] = _t91[0] ^ _t91[0] ^  *_t91;
							 *_t91 =  *_t91 ^  *(_t92 + 0x50);
						}
						_t127 =  *((intOrPtr*)(_t127 + 4));
						_t62 = _t92 + 0xc0;
						goto L2;
					}
					_v16 = _t114;
					goto L10;
				}
				return _t62;
			}


























                                      0x010aeb9a
                                      0x010aeba5
                                      0x010aeba7
                                      0x010aebaa
                                      0x010aebb3
                                      0x010aeca0
                                      0x010aeca1
                                      0x010aeca5
                                      0x010aecd1
                                      0x010aecd1
                                      0x010aecaa
                                      0x010aecc3
                                      0x010aecc9
                                      0x010aecc9
                                      0x010aebb9
                                      0x010aebbf
                                      0x010aebc2
                                      0x010aebc2
                                      0x010aebc2
                                      0x010aebc7
                                      0x00000000
                                      0x00000000
                                      0x010aebd1
                                      0x010aebd1
                                      0x010aebd4
                                      0x010aebd9
                                      0x010aebdd
                                      0x010aebe9
                                      0x010aebf0
                                      0x010f4258
                                      0x010f425e
                                      0x010f425e
                                      0x010aebf6
                                      0x010aebf6
                                      0x010aebf9
                                      0x010aebfc
                                      0x010aebfe
                                      0x010aec01
                                      0x010aec01
                                      0x010aec04
                                      0x00000000
                                      0x00000000
                                      0x010aec0a
                                      0x010aec0e
                                      0x010aec11
                                      0x010aec14
                                      0x010aec8f
                                      0x010aec92
                                      0x00000000
                                      0x010aec92
                                      0x010aec1a
                                      0x010aec1d
                                      0x010aec20
                                      0x010aec72
                                      0x010aec75
                                      0x010aec77
                                      0x010aec77
                                      0x010aec78
                                      0x010aec7a
                                      0x010aec7a
                                      0x010aec83
                                      0x010aec83
                                      0x010aec32
                                      0x010aec3e
                                      0x010f4281
                                      0x010f4284
                                      0x010f4286
                                      0x010f428c
                                      0x010f4290
                                      0x010f42af
                                      0x010f42b4
                                      0x010f4292
                                      0x010f42a7
                                      0x010f42ac
                                      0x010f42ba
                                      0x010f42bf
                                      0x010f42c4
                                      0x010f42cc
                                      0x010f42d0
                                      0x010f42d1
                                      0x010f42d1
                                      0x010f42cc
                                      0x010f42d6
                                      0x010f42d6
                                      0x010aec44
                                      0x010aec4b
                                      0x010aec55
                                      0x010aec5b
                                      0x010aec5b
                                      0x010aec5d
                                      0x010aec60
                                      0x00000000
                                      0x010aec60
                                      0x010aec8a
                                      0x00000000
                                      0x010aec8a
                                      0x010aec71

                                      Strings
                                      • HEAP[%wZ]: , xrefs: 010F42A2
                                      • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 010F42BA
                                      • HEAP: , xrefs: 010F42AF
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                      • API String ID: 0-1596344177
                                      • Opcode ID: 032702c1594ce4bfd3f03c71f59cd153d628f42c65890594aad641dd18fc53e2
                                      • Instruction ID: 650617df3e9bced93e5f2539a36027a37942b7b46bbbf84d5818f1f888abff16
                                      • Opcode Fuzzy Hash: 032702c1594ce4bfd3f03c71f59cd153d628f42c65890594aad641dd18fc53e2
                                      • Instruction Fuzzy Hash: A551BF31A00519EFDB58DF98C584AAEBBF1FF84310F9581A9D9859B342D731ED42CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01083FC5 Relevance: 3.9, Strings: 3, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E01083FC5(signed int __edx, intOrPtr _a4) {
				void* __ecx;
				signed char _t44;
				signed char _t48;
				intOrPtr* _t50;
				unsigned int _t51;
				signed char _t52;
				signed int _t58;
				signed int _t59;
				intOrPtr _t62;
				intOrPtr* _t64;
				signed int _t65;
				signed int _t78;

				_t58 = __edx;
				_t78 = _t59;
				if(__edx == 0 || (__edx & 0x00000007) != 0) {
					L37:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0108B150();
					} else {
						E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t58 + 8);
					_push(_t78);
					E0108B150("Invalid address specified to %s( %p, %p )\n", _a4);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1176378 = 1;
						asm("int3");
						 *0x1176378 = 0;
					}
					return 0;
				} else {
					_t44 =  *((intOrPtr*)(__edx + 7));
					if((_t44 & 0x0000003f) == 0) {
						goto L37;
					}
					if(_t44 < 0) {
						if( *((char*)(_t78 + 0xda)) != 2) {
							_t62 = 0;
						} else {
							_t62 =  *((intOrPtr*)(_t78 + 0xd4));
						}
						if(_t62 != 0) {
							if(_t44 != 4) {
								L23:
								return 1;
							}
						}
						goto L37;
					}
					if( *(_t78 + 0x4c) == 0 || ( *(_t78 + 0x50) ^  *__edx) >> 0x18 == (( *(_t78 + 0x50) ^  *__edx) >> 0x00000010 ^ ( *(_t78 + 0x50) ^  *__edx) >> 0x00000008 ^ _t76)) {
						if( *((char*)(_t58 + 7)) == 4) {
							if((_t58 & 0x00000fff) != 0x18) {
								goto L37;
							}
							L13:
							if( *(_t78 + 0x4c) == 0) {
								_t48 =  *((intOrPtr*)(_t58 + 2));
							} else {
								_t51 =  *_t58;
								if(( *(_t78 + 0x4c) & _t51) != 0) {
									_t51 = _t51 ^  *(_t78 + 0x50);
								}
								_t48 = _t51 >> 0x10;
							}
							if((_t48 & 0x00000004) != 0) {
								if(E011323E3(_t78, _t58) != 0) {
									goto L18;
								}
							} else {
								L18:
								if( *((char*)(_t58 + 7)) == 4) {
									goto L23;
								}
								_t64 = _t78 + 0xa4;
								_t50 =  *_t64;
								while(_t50 != _t64) {
									if(_t58 <  *((intOrPtr*)(_t50 + 0x14)) || _t58 >=  *((intOrPtr*)(_t50 + 0x18))) {
										_t50 =  *_t50;
										continue;
									} else {
										goto L23;
									}
								}
							}
							goto L37;
						}
						_t52 =  *((intOrPtr*)(_t58 + 6));
						if(_t52 == 0) {
							_t65 = _t78;
						} else {
							_t65 = (_t58 & 0xffff0000) - ((_t52 & 0x000000ff) << 0x10) + 0x10000;
						}
						if(_t65 == 0 ||  *((intOrPtr*)(_t65 + 0x18)) != _t78 || _t58 <  *((intOrPtr*)(_t65 + 0x24)) || _t58 >=  *((intOrPtr*)(_t65 + 0x28))) {
							goto L37;
						} else {
							goto L13;
						}
					} else {
						goto L37;
					}
				}
			}















                                      0x01083fcc
                                      0x01083fcf
                                      0x01083fd3
                                      0x010e03b8
                                      0x010e03c2
                                      0x010e03e1
                                      0x010e03e6
                                      0x010e03c4
                                      0x010e03d9
                                      0x010e03de
                                      0x010e03ef
                                      0x010e03f0
                                      0x010e03f9
                                      0x010e040b
                                      0x010e040d
                                      0x010e0414
                                      0x010e0415
                                      0x010e0415
                                      0x00000000
                                      0x01083fe2
                                      0x01083fe2
                                      0x01083fe7
                                      0x00000000
                                      0x00000000
                                      0x01083fef
                                      0x010840b8
                                      0x010840d8
                                      0x010840ba
                                      0x010840ba
                                      0x010840ba
                                      0x010840c2
                                      0x010840ca
                                      0x010840a4
                                      0x00000000
                                      0x010840a4
                                      0x010840cc
                                      0x00000000
                                      0x010840c2
                                      0x01083ff9
                                      0x0108401f
                                      0x010e03a0
                                      0x00000000
                                      0x00000000
                                      0x01084069
                                      0x0108406d
                                      0x010840dc
                                      0x0108406f
                                      0x0108406f
                                      0x01084074
                                      0x01084076
                                      0x01084076
                                      0x01084079
                                      0x01084079
                                      0x0108407e
                                      0x010e03b2
                                      0x00000000
                                      0x00000000
                                      0x01084084
                                      0x01084084
                                      0x01084088
                                      0x00000000
                                      0x00000000
                                      0x0108408a
                                      0x01084090
                                      0x01084092
                                      0x0108409d
                                      0x010840ad
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0108409d
                                      0x01084092
                                      0x00000000
                                      0x0108407e
                                      0x01084025
                                      0x0108402a
                                      0x010840d1
                                      0x01084030
                                      0x01084040
                                      0x01084040
                                      0x01084048
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083ff9

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                      • API String ID: 0-1151232445
                                      • Opcode ID: 8629476ac7fa803268457b1a20e4b06ff3f54287be6ae9287b35ecea37ccb55d
                                      • Instruction ID: ada53580300f9b67f7bfe7610f8d000a8ad4db6f30f9311521497217a0b5d819
                                      • Opcode Fuzzy Hash: 8629476ac7fa803268457b1a20e4b06ff3f54287be6ae9287b35ecea37ccb55d
                                      • Instruction Fuzzy Hash: F341B630308341CFEF65DB2EC4897BB7BD49F01618F1885A9F6C58B646C6B69886CF11
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E010AB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x1178748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E0108B150();
						} else {
							E0108B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E0108B150();
						__eflags =  *0x1177bc8;
						if(__eflags == 0) {
							E01142073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E010AAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                      0x010ab8f0
                                      0x010ab8f2
                                      0x010ab8f4
                                      0x010f2c4e
                                      0x010f2c50
                                      0x010f2c56
                                      0x010f2c5c
                                      0x010f2c60
                                      0x010f2c7f
                                      0x010f2c84
                                      0x010f2c62
                                      0x010f2c77
                                      0x010f2c7c
                                      0x010f2c8a
                                      0x010f2c8f
                                      0x010f2c94
                                      0x010f2c9c
                                      0x010f2ca5
                                      0x010f2ca5
                                      0x010f2c9c
                                      0x010f2c50
                                      0x010ab8fa
                                      0x010ab902
                                      0x010ab921
                                      0x010ab921
                                      0x010ab924
                                      0x010ab924
                                      0x010ab927
                                      0x00000000
                                      0x00000000
                                      0x010ab929
                                      0x010ab92b
                                      0x010ab92d
                                      0x010ab940
                                      0x00000000
                                      0x010ab940
                                      0x010ab932
                                      0x010ab932
                                      0x00000000
                                      0x010ab932
                                      0x00000000
                                      0x010ab904
                                      0x010ab904
                                      0x010ab90a
                                      0x010ab90c
                                      0x010ab916
                                      0x010ab919
                                      0x010ab915
                                      0x010ab915
                                      0x010ab91b
                                      0x010ab91b
                                      0x00000000
                                      0x010ab910

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-2558761708
                                      • Opcode ID: ea5853f2f516336ffe947275e1b9b1e65b3bbebce5ce1808a149cbea77b6b7e3
                                      • Instruction ID: 19e869fe70d48188ca069dad2811310c9e7811c3389dddc89bbdc6011b6a486a
                                      • Opcode Fuzzy Hash: ea5853f2f516336ffe947275e1b9b1e65b3bbebce5ce1808a149cbea77b6b7e3
                                      • Instruction Fuzzy Hash: 3711D0313041029FDBA9EBADD485B7AB7A5EB80A20F58816DE1CACF251D730D880CB81
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0111FF10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44timeCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0111FF60
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                      • API String ID: 3446177414-1911121157
                                      • Opcode ID: 9f831ac9832d29016362fd5db16549202f323e57a61f34ebdff3b677395623eb
                                      • Instruction ID: 58dec52ceefa39e0d8461f436f541caaf0bf6d1df1367b4f0344b9cebdc05c8d
                                      • Opcode Fuzzy Hash: 9f831ac9832d29016362fd5db16549202f323e57a61f34ebdff3b677395623eb
                                      • Instruction Fuzzy Hash: 90112272950646EFEB2AEF54CD48FD8BBB2FF08704F148064F1086B2A1C7799985CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E0114E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0114BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0114BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0114AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E010C9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0114A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0114A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E010C9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0114A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0114A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E010A2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0109B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0109FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E010A7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0113FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                      0x0114e547
                                      0x0114e549
                                      0x0114e54f
                                      0x0114e553
                                      0x0114e557
                                      0x0114e55a
                                      0x0114e55c
                                      0x0114e55f
                                      0x0114e561
                                      0x0114e567
                                      0x0114e56b
                                      0x0114e7e2
                                      0x00000000
                                      0x0114e571
                                      0x0114e575
                                      0x0114e577
                                      0x0114e57b
                                      0x0114e57c
                                      0x0114e57d
                                      0x0114e57e
                                      0x0114e57f
                                      0x0114e588
                                      0x0114e58f
                                      0x0114e591
                                      0x0114e592
                                      0x0114e592
                                      0x0114e596
                                      0x0114e59e
                                      0x0114e5a0
                                      0x0114e5a6
                                      0x0114e61d
                                      0x0114e61d
                                      0x0114e621
                                      0x0114e623
                                      0x0114e630
                                      0x0114e630
                                      0x0114e7e6
                                      0x0114e7eb
                                      0x0114e7ed
                                      0x0114e7f4
                                      0x0114e7fa
                                      0x0114e7ff
                                      0x0114e7ff
                                      0x0114e80a
                                      0x0114e812
                                      0x0114e812
                                      0x0114e5ab
                                      0x0114e5b4
                                      0x0114e5b9
                                      0x0114e5be
                                      0x0114e5c0
                                      0x0114e5c2
                                      0x0114e5c8
                                      0x0114e5c9
                                      0x0114e5cb
                                      0x0114e5cc
                                      0x0114e5d5
                                      0x0114e5e4
                                      0x0114e5f1
                                      0x0114e5f8
                                      0x0114e5f8
                                      0x0114e5d5
                                      0x0114e602
                                      0x0114e616
                                      0x0114e63d
                                      0x0114e644
                                      0x0114e64d
                                      0x0114e652
                                      0x0114e657
                                      0x0114e659
                                      0x0114e65b
                                      0x0114e661
                                      0x0114e662
                                      0x0114e664
                                      0x0114e665
                                      0x0114e66e
                                      0x0114e67d
                                      0x0114e68a
                                      0x0114e691
                                      0x0114e691
                                      0x0114e66e
                                      0x0114e6b0
                                      0x00000000
                                      0x0114e6b6
                                      0x0114e6bd
                                      0x0114e6c7
                                      0x0114e6d7
                                      0x0114e6d9
                                      0x0114e6db
                                      0x0114e6de
                                      0x0114e6e3
                                      0x0114e6f3
                                      0x0114e6fc
                                      0x0114e700
                                      0x0114e700
                                      0x0114e704
                                      0x0114e70a
                                      0x0114e70a
                                      0x0114e713
                                      0x0114e716
                                      0x0114e719
                                      0x0114e720
                                      0x0114e761
                                      0x0114e76b
                                      0x0114e774
                                      0x0114e77a
                                      0x0114e77a
                                      0x0114e78a
                                      0x0114e791
                                      0x0114e799
                                      0x0114e79b
                                      0x0114e79f
                                      0x0114e7aa
                                      0x0114e7c0
                                      0x0114e7ac
                                      0x0114e7b2
                                      0x0114e7b9
                                      0x0114e7b9
                                      0x0114e7c7
                                      0x0114e806
                                      0x00000000
                                      0x0114e7c9
                                      0x0114e7d1
                                      0x0114e7d8
                                      0x00000000
                                      0x0114e7d8
                                      0x00000000
                                      0x00000000
                                      0x0114e722
                                      0x0114e72e
                                      0x0114e748
                                      0x0114e74c
                                      0x0114e754
                                      0x0114e756
                                      0x0114e75c
                                      0x0114e75c
                                      0x00000000
                                      0x0114e75c
                                      0x0114e758
                                      0x0114e758
                                      0x00000000
                                      0x0114e758
                                      0x0114e750
                                      0x00000000
                                      0x00000000
                                      0x0114e752
                                      0x00000000
                                      0x0114e752
                                      0x0114e730
                                      0x0114e735
                                      0x0114e73d
                                      0x0114e73f
                                      0x00000000
                                      0x00000000
                                      0x0114e741
                                      0x0114e741
                                      0x00000000
                                      0x0114e741
                                      0x0114e739
                                      0x00000000
                                      0x00000000
                                      0x0114e73b
                                      0x00000000
                                      0x0114e73b
                                      0x0114e722
                                      0x0114e720
                                      0x0114e6b0
                                      0x0114e618
                                      0x00000000
                                      0x0114e618

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: `$`
                                      • API String ID: 0-197956300
                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                      • Instruction ID: 320e49fd51a40c1459518405236584ae970b5156d7a36ca378296156aa6f4f0b
                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                      • Instruction Fuzzy Hash: 8A9196712057429FE728CF29C841B57BBE5BF84B25F14892DF695CB280E778E904CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011051BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E011051BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x11605f0);
				E010DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0109EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E011053CA(0);
						return E010DD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E010CF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E010A3690(1, _t117, 0x1061810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E010CAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = E010A4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E010CAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0110500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E010C9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                      0x011051be
                                      0x011051c3
                                      0x011051c8
                                      0x011051cd
                                      0x011051d0
                                      0x011051d3
                                      0x011051d8
                                      0x011051db
                                      0x011051de
                                      0x011051e0
                                      0x011051e3
                                      0x011051e6
                                      0x011051e8
                                      0x01105342
                                      0x01105351
                                      0x01105356
                                      0x0110535a
                                      0x01105360
                                      0x01105363
                                      0x01105366
                                      0x01105369
                                      0x01105369
                                      0x0110536b
                                      0x0110536b
                                      0x01105370
                                      0x011053a3
                                      0x011053a4
                                      0x011053a6
                                      0x011053ab
                                      0x011053ab
                                      0x011053ae
                                      0x011053ae
                                      0x011053b5
                                      0x011053bf
                                      0x011053bf
                                      0x01105375
                                      0x01105396
                                      0x011053a0
                                      0x011053a0
                                      0x00000000
                                      0x01105396
                                      0x01105377
                                      0x01105379
                                      0x0110537f
                                      0x0110538c
                                      0x01105390
                                      0x00000000
                                      0x01105390
                                      0x011051ee
                                      0x011051f1
                                      0x01105301
                                      0x01105310
                                      0x01105315
                                      0x01105318
                                      0x0110531b
                                      0x01105320
                                      0x0110532e
                                      0x01105331
                                      0x00000000
                                      0x01105331
                                      0x01105328
                                      0x01105329
                                      0x00000000
                                      0x01105329
                                      0x011051fa
                                      0x01105235
                                      0x01105236
                                      0x01105239
                                      0x0110523f
                                      0x01105240
                                      0x01105241
                                      0x01105242
                                      0x01105246
                                      0x01105247
                                      0x0110524e
                                      0x01105251
                                      0x01105267
                                      0x01105269
                                      0x0110526e
                                      0x0110527d
                                      0x0110527e
                                      0x01105281
                                      0x01105282
                                      0x01105287
                                      0x01105288
                                      0x0110528a
                                      0x0110528f
                                      0x01105294
                                      0x00000000
                                      0x00000000
                                      0x0110529a
                                      0x0110529c
                                      0x0110529e
                                      0x0110529e
                                      0x011052a4
                                      0x011052b0
                                      0x00000000
                                      0x00000000
                                      0x011052ba
                                      0x011052bc
                                      0x011052bc
                                      0x011052d4
                                      0x011052d9
                                      0x011052dc
                                      0x011052e1
                                      0x00000000
                                      0x00000000
                                      0x011052e7
                                      0x011052f4
                                      0x00000000
                                      0x011052f4
                                      0x01105270
                                      0x00000000
                                      0x01105270
                                      0x011051fc
                                      0x011051fd
                                      0x01105202
                                      0x01105203
                                      0x01105205
                                      0x0110520a
                                      0x0110520f
                                      0x00000000
                                      0x00000000
                                      0x0110521b
                                      0x01105226
                                      0x0110522b
                                      0x0110521d
                                      0x0110521d
                                      0x01105222
                                      0x01105222
                                      0x0110522d
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: Legacy$UEFI
                                      • API String ID: 2994545307-634100481
                                      • Opcode ID: 2f68478a6e1022db9698c62e94ee809f1546010c321a030602adcc13156526a4
                                      • Instruction ID: 5ef7bd6247550c7d5e07a9305354f6320c6b58a89670d64afb9cf2a529c8a5e3
                                      • Opcode Fuzzy Hash: 2f68478a6e1022db9698c62e94ee809f1546010c321a030602adcc13156526a4
                                      • Instruction Fuzzy Hash: 3D515B71E04609DFDB6ADFA8C950AAEBBB9BF48700F14442DE649EB291D7B19900CF10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01084439 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 68%
                                      			E01084439(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t64;
				signed int _t68;
				intOrPtr* _t72;
				signed int _t74;
				void* _t77;
				signed int _t83;
				signed int _t84;

				_t79 = __edx;
				_t54 =  *0x117d360 ^ _t84;
				_v8 =  *0x117d360 ^ _t84;
				_t82 = __ecx;
				_v96 = __edx;
				_t74 = __edx;
				if(__edx != 0 && ( *(__edx + 8) & 0x00000004) == 0) {
					_t82 = __ecx + 4;
					_t72 =  *_t82;
					while(_t72 != _t82) {
						_t83 = _t72 - 8;
						_t79 = 1;
						if( *_t83 != 0x74736c46) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = 1;
							_v68 = 1;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = 1;
							E010DDEF0(_t74, 1);
							_t74 = _v96;
							_t79 = 1;
						}
						if( *(_t83 + 0x14) !=  !( *(_t83 + 4))) {
							_v84 = _v84 & 0x00000000;
							_push( &_v92);
							_v76 = 4;
							_v72 = _t79;
							_v68 = 2;
							_v64 = _t82;
							_v60 = _t83;
							_v92 = 0xc0150015;
							_v88 = _t79;
							E010DDEF0(_t74, _t79);
							_t74 = _v96;
						}
						_t9 = _t83 + 0x18; // 0x1c
						_t54 = _t9;
						if(_t74 < _t9) {
							L13:
							_t72 =  *_t72;
							continue;
						} else {
							_t10 = _t83 + 0x618; // 0x61c
							_t54 = _t10;
							if(_t74 >= _t10) {
								goto L13;
							} else {
								_v96 = 0x30;
								_t64 = _t74 - _t83 - 0x18;
								asm("cdq");
								_t79 = _t64 % _v96;
								_t54 = 0x18 + _t64 / _v96 * 0x30 + _t83;
								if(_t74 == 0x18 + _t64 / _v96 * 0x30 + _t83) {
									_t54 =  *(_t83 + 4);
									if(_t54 != 0) {
										_t68 = _t54 - 1;
										 *(_t83 + 4) = _t68;
										_t54 =  !_t68;
										 *(_t83 + 0x14) =  !_t68;
										 *((intOrPtr*)(_t74 + 8)) = 4;
										if( *(_t83 + 4) == 0) {
											_t54 =  *(_t72 + 4);
											if(_t54 != _t82) {
												do {
													_t83 =  *(_t54 + 4);
													_t79 = _t54 - 8;
													if( *((intOrPtr*)(_t54 - 8 + 4)) == 0) {
														_t77 =  *_t54;
														if( *(_t77 + 4) != _t54 ||  *_t83 != _t54) {
															_push(3);
															asm("int 0x29");
															return 0x3e5;
														}
														 *_t83 = _t77;
														 *(_t77 + 4) = _t83;
														L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t79);
													}
													_t54 = _t83;
												} while (_t83 != _t82);
											}
										}
									}
								}
							}
						}
						goto L12;
					}
				}
				L12:
				return E010CB640(_t54, _t72, _v8 ^ _t84, _t79, _t82, _t83);
			}
























                                      0x01084439
                                      0x01084446
                                      0x01084448
                                      0x0108444e
                                      0x01084450
                                      0x01084453
                                      0x01084457
                                      0x01084467
                                      0x0108446a
                                      0x0108446c
                                      0x01084472
                                      0x01084475
                                      0x0108447c
                                      0x010e080d
                                      0x010e0814
                                      0x010e0815
                                      0x010e081c
                                      0x010e081f
                                      0x010e0822
                                      0x010e0825
                                      0x010e0828
                                      0x010e082f
                                      0x010e0832
                                      0x010e0837
                                      0x010e083c
                                      0x010e083c
                                      0x0108448a
                                      0x010e0842
                                      0x010e0849
                                      0x010e084a
                                      0x010e0851
                                      0x010e0854
                                      0x010e085b
                                      0x010e085e
                                      0x010e0861
                                      0x010e0868
                                      0x010e086b
                                      0x010e0870
                                      0x010e0870
                                      0x01084490
                                      0x01084490
                                      0x01084495
                                      0x010844f8
                                      0x010844f8
                                      0x00000000
                                      0x01084497
                                      0x01084497
                                      0x01084497
                                      0x0108449f
                                      0x00000000
                                      0x010844a1
                                      0x010844a3
                                      0x010844ac
                                      0x010844af
                                      0x010844b0
                                      0x010844b9
                                      0x010844bd
                                      0x010844bf
                                      0x010844c4
                                      0x010844c6
                                      0x010844c7
                                      0x010844ca
                                      0x010844cc
                                      0x010844cf
                                      0x010844da
                                      0x010844dc
                                      0x010844e1
                                      0x010e0878
                                      0x010e0878
                                      0x010e087b
                                      0x010e0882
                                      0x010e0884
                                      0x010e0889
                                      0x010e08b0
                                      0x010e08b3
                                      0x00000000
                                      0x010e08b5
                                      0x010e0896
                                      0x010e089a
                                      0x010e08a0
                                      0x010e08a0
                                      0x010e08a5
                                      0x010e08a7
                                      0x010e08ab
                                      0x010844e1
                                      0x010844da
                                      0x010844c4
                                      0x010844bd
                                      0x0108449f
                                      0x00000000
                                      0x01084495
                                      0x0108446c
                                      0x010844e7
                                      0x010844f7

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0$Flst
                                      • API String ID: 0-758220159
                                      • Opcode ID: ffffc146ba7003de6b07910ba3aebee5e8bfe80a2e65cb6cae0654f64878beeb
                                      • Instruction ID: f123e009b0b966b7e862f3fbd13072f48f31102042a5d9550ad10d114713967d
                                      • Opcode Fuzzy Hash: ffffc146ba7003de6b07910ba3aebee5e8bfe80a2e65cb6cae0654f64878beeb
                                      • Instruction Fuzzy Hash: 144186B1A04249CFDB25DF99C9847ADFBF5EF84314F24806AE0CADB245DB709846CB80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109D5E0 Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E0109D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x117d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01096600(0x11752d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1177b9c; // 0x0
							_t281 = E010A4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E010CF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1177b90; // 0x77880000
								if(_t384 == 0) {
									_t353 =  *0x1177b8c; // 0xb22b30
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E010A2280(_t200, 0x11784d8);
									_t277 =  *0x11785f4; // 0xb23020
									_t351 =  *0x11785f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xb22fb8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0109FFB0(_t287, _t353, 0x11784d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E010DCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01096600(0x11752d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01097926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x117b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0110E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1178472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x117b218; // 0x0
														asm("ror edi, cl");
														 *0x117b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E010A2280(_t250, 0x11784d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L010C3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0109FFB0(_t293, _t353, 0x11784d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E010C37F5(_t353, 0);
																}
																E010C0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E010B9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E010B02D6(_t174);
																}
																L010A77F0( *0x1177b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E010BC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0109EC7F(_t353);
										L010B19B8(_t287, 0, _t353, 0);
										_t200 = E0108F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E010CB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x117b2f8; // 0x0
									if((_t206 |  *0x117b2fc) == 0 || ( *0x117b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x117b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E01136B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E01136AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E0109E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L0109EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E010C9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E0109E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L01098F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E010C3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                      0x0109d5f2
                                      0x0109d5f5
                                      0x0109d5f5
                                      0x0109d5fd
                                      0x0109d600
                                      0x0109d60a
                                      0x0109d60d
                                      0x0109d617
                                      0x0109d61d
                                      0x0109d627
                                      0x0109d62e
                                      0x0109d911
                                      0x0109d913
                                      0x00000000
                                      0x0109d919
                                      0x0109d919
                                      0x0109d919
                                      0x0109d634
                                      0x0109d634
                                      0x0109d634
                                      0x0109d634
                                      0x0109d640
                                      0x0109d8bf
                                      0x00000000
                                      0x0109d646
                                      0x0109d646
                                      0x0109d64d
                                      0x0109d652
                                      0x010eb2fc
                                      0x010eb2fc
                                      0x010eb302
                                      0x010eb33b
                                      0x010eb341
                                      0x00000000
                                      0x010eb304
                                      0x010eb304
                                      0x010eb319
                                      0x010eb31e
                                      0x010eb324
                                      0x010eb326
                                      0x010eb332
                                      0x010eb347
                                      0x010eb34c
                                      0x010eb351
                                      0x010eb35a
                                      0x00000000
                                      0x010eb328
                                      0x010eb328
                                      0x00000000
                                      0x010eb328
                                      0x010eb326
                                      0x0109d658
                                      0x0109d658
                                      0x0109d65b
                                      0x0109d665
                                      0x00000000
                                      0x0109d66b
                                      0x0109d66b
                                      0x0109d66b
                                      0x0109d66b
                                      0x0109d66d
                                      0x0109d672
                                      0x0109d67a
                                      0x00000000
                                      0x00000000
                                      0x0109d680
                                      0x0109d686
                                      0x0109d8ce
                                      0x0109d8d4
                                      0x0109d8dd
                                      0x0109d8e0
                                      0x0109d68c
                                      0x0109d691
                                      0x0109d69d
                                      0x0109d6a2
                                      0x0109d6a7
                                      0x0109d6b0
                                      0x0109d6b5
                                      0x0109d6e0
                                      0x0109d6b7
                                      0x0109d6b7
                                      0x0109d6b9
                                      0x0109d6b9
                                      0x0109d6bb
                                      0x0109d6bd
                                      0x0109d6ce
                                      0x0109d6d0
                                      0x0109d6d2
                                      0x010eb363
                                      0x010eb365
                                      0x00000000
                                      0x010eb36b
                                      0x00000000
                                      0x010eb36b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0109d6bf
                                      0x0109d6bf
                                      0x0109d6e5
                                      0x0109d6e7
                                      0x0109d6e9
                                      0x0109d6ec
                                      0x0109d6ec
                                      0x0109d6ef
                                      0x0109d6f5
                                      0x0109d6f9
                                      0x0109d6fb
                                      0x0109d6fd
                                      0x0109d701
                                      0x0109d703
                                      0x0109d70a
                                      0x0109d70a
                                      0x0109d701
                                      0x0109d710
                                      0x0109d710
                                      0x0109d6c1
                                      0x0109d6c1
                                      0x0109d6c6
                                      0x010eb36d
                                      0x010eb36f
                                      0x00000000
                                      0x010eb375
                                      0x010eb375
                                      0x010eb375
                                      0x00000000
                                      0x010eb375
                                      0x00000000
                                      0x0109d6cc
                                      0x0109d6d8
                                      0x0109d6d8
                                      0x0109d6d8
                                      0x00000000
                                      0x0109d6c6
                                      0x0109d6bf
                                      0x00000000
                                      0x0109d6da
                                      0x0109d6da
                                      0x0109d716
                                      0x0109d71b
                                      0x0109d720
                                      0x0109d726
                                      0x0109d726
                                      0x0109d72d
                                      0x00000000
                                      0x0109d733
                                      0x0109d739
                                      0x0109d742
                                      0x0109d750
                                      0x0109d758
                                      0x0109d764
                                      0x0109d776
                                      0x0109d77a
                                      0x0109d783
                                      0x0109d928
                                      0x0109d92c
                                      0x0109d93d
                                      0x0109d944
                                      0x0109d94f
                                      0x0109d954
                                      0x0109d956
                                      0x0109d95f
                                      0x0109d961
                                      0x0109d973
                                      0x0109d973
                                      0x0109d956
                                      0x0109d944
                                      0x0109d92c
                                      0x0109d78b
                                      0x010eb394
                                      0x0109d791
                                      0x0109d798
                                      0x010eb3a3
                                      0x010eb3bb
                                      0x010eb3bb
                                      0x0109d7a5
                                      0x0109d866
                                      0x0109d870
                                      0x0109d884
                                      0x0109d892
                                      0x0109d898
                                      0x0109d89e
                                      0x0109d8a0
                                      0x0109d8a6
                                      0x0109d8ac
                                      0x0109d8ae
                                      0x0109d8b4
                                      0x0109d8b4
                                      0x0109d8ae
                                      0x0109d7a5
                                      0x0109d78b
                                      0x0109d7b1
                                      0x010eb3c5
                                      0x010eb3c5
                                      0x0109d7c3
                                      0x0109d7ca
                                      0x0109d7e5
                                      0x0109d7eb
                                      0x0109d8eb
                                      0x0109d8ed
                                      0x00000000
                                      0x0109d8f3
                                      0x0109d8f3
                                      0x0109d8f3
                                      0x00000000
                                      0x0109d8ed
                                      0x0109d7cc
                                      0x0109d7cc
                                      0x0109d7d2
                                      0x00000000
                                      0x0109d7d4
                                      0x0109d7d4
                                      0x0109d7d7
                                      0x0109d7df
                                      0x010eb3d4
                                      0x010eb3d9
                                      0x010eb3dc
                                      0x010eb3dc
                                      0x010eb3df
                                      0x010eb3e2
                                      0x010eb468
                                      0x010eb46d
                                      0x010eb46f
                                      0x010eb46f
                                      0x010eb475
                                      0x0109d8f8
                                      0x0109d8f9
                                      0x0109d8fd
                                      0x010eb3e8
                                      0x010eb3e8
                                      0x010eb3eb
                                      0x010eb3ed
                                      0x00000000
                                      0x010eb3ef
                                      0x010eb3ef
                                      0x010eb3f1
                                      0x010eb3f4
                                      0x010eb3fe
                                      0x010eb404
                                      0x010eb409
                                      0x010eb40e
                                      0x010eb410
                                      0x010eb410
                                      0x010eb414
                                      0x010eb414
                                      0x010eb41b
                                      0x010eb420
                                      0x010eb423
                                      0x010eb425
                                      0x010eb427
                                      0x010eb42a
                                      0x010eb42d
                                      0x010eb42d
                                      0x010eb42a
                                      0x010eb432
                                      0x010eb436
                                      0x010eb438
                                      0x010eb43b
                                      0x010eb43b
                                      0x010eb449
                                      0x010eb44e
                                      0x010eb454
                                      0x010eb458
                                      0x010eb458
                                      0x010eb45d
                                      0x00000000
                                      0x010eb45d
                                      0x010eb3ed
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0109d7df
                                      0x0109d7d2
                                      0x0109d7ca
                                      0x010eb37c
                                      0x010eb37e
                                      0x010eb385
                                      0x010eb38a
                                      0x00000000
                                      0x010eb38a
                                      0x0109d742
                                      0x0109d7f1
                                      0x0109d7f8
                                      0x010eb49b
                                      0x010eb49b
                                      0x0109d800
                                      0x0109d837
                                      0x0109d843
                                      0x0109d845
                                      0x0109d847
                                      0x0109d84a
                                      0x0109d84b
                                      0x0109d84e
                                      0x0109d857
                                      0x0109d802
                                      0x0109d802
                                      0x0109d80d
                                      0x00000000
                                      0x0109d818
                                      0x0109d818
                                      0x0109d824
                                      0x0109d831
                                      0x010eb4a5
                                      0x010eb4ab
                                      0x010eb4b3
                                      0x010eb4b8
                                      0x010eb4bb
                                      0x00000000
                                      0x010eb4c1
                                      0x010eb4c1
                                      0x010eb4c8
                                      0x00000000
                                      0x010eb4ce
                                      0x010eb4d4
                                      0x010eb4e1
                                      0x010eb4e3
                                      0x010eb4e5
                                      0x00000000
                                      0x010eb4eb
                                      0x010eb4f0
                                      0x010eb4f2
                                      0x0109dac9
                                      0x0109dacc
                                      0x0109dacf
                                      0x0109dad1
                                      0x0109dd78
                                      0x0109dd78
                                      0x0109dcf2
                                      0x00000000
                                      0x0109dad7
                                      0x0109dad9
                                      0x0109dadb
                                      0x00000000
                                      0x00000000
                                      0x0109dae1
                                      0x0109dae1
                                      0x0109dae4
                                      0x0109dae6
                                      0x010eb4f9
                                      0x010eb4f9
                                      0x010eb500
                                      0x0109daec
                                      0x0109daec
                                      0x0109daf5
                                      0x0109daf8
                                      0x0109dafb
                                      0x0109db03
                                      0x0109db11
                                      0x0109db16
                                      0x0109db19
                                      0x0109db1b
                                      0x010eb52c
                                      0x010eb531
                                      0x010eb534
                                      0x0109db21
                                      0x0109db21
                                      0x0109db24
                                      0x0109dcd9
                                      0x0109dce2
                                      0x0109dce5
                                      0x0109dd6a
                                      0x0109dd6d
                                      0x00000000
                                      0x0109dd73
                                      0x010eb51a
                                      0x010eb51c
                                      0x010eb51f
                                      0x010eb524
                                      0x00000000
                                      0x010eb524
                                      0x0109dce7
                                      0x0109dce7
                                      0x0109dce7
                                      0x00000000
                                      0x0109dce7
                                      0x00000000
                                      0x0109db2a
                                      0x0109db2c
                                      0x0109db31
                                      0x0109db33
                                      0x0109db36
                                      0x0109db39
                                      0x0109db3b
                                      0x0109db66
                                      0x0109db66
                                      0x0109db3d
                                      0x0109db3d
                                      0x0109db3e
                                      0x0109db46
                                      0x0109db47
                                      0x0109db49
                                      0x0109db4c
                                      0x0109db53
                                      0x0109db55
                                      0x0109db58
                                      0x0109db5a
                                      0x010eb50a
                                      0x010eb50f
                                      0x010eb512
                                      0x0109db60
                                      0x0109db60
                                      0x0109db63
                                      0x0109db63
                                      0x00000000
                                      0x0109db63
                                      0x0109db5a
                                      0x0109db3b
                                      0x0109db24
                                      0x0109db69
                                      0x0109db69
                                      0x0109db6c
                                      0x0109db6f
                                      0x0109db74
                                      0x010eb557
                                      0x010eb557
                                      0x010eb55e
                                      0x0109db7a
                                      0x0109db7c
                                      0x0109db7f
                                      0x0109db82
                                      0x0109db85
                                      0x00000000
                                      0x0109db8b
                                      0x0109db8b
                                      0x0109db8d
                                      0x0109db9b
                                      0x0109db9b
                                      0x0109db9d
                                      0x0109dba0
                                      0x0109dba2
                                      0x0109dba4
                                      0x0109dba7
                                      0x0109dba9
                                      0x0109dbae
                                      0x0109dbae
                                      0x0109dbb1
                                      0x0109dbb4
                                      0x0109dbb4
                                      0x0109dbb7
                                      0x0109dbba
                                      0x0109dcd2
                                      0x0109dcd4
                                      0x00000000
                                      0x0109dbc0
                                      0x0109dbc0
                                      0x0109dbd2
                                      0x0109dbd7
                                      0x0109dbda
                                      0x0109dbdd
                                      0x0109dbdf
                                      0x00000000
                                      0x0109dbe5
                                      0x0109dbe5
                                      0x0109dbee
                                      0x0109dbf1
                                      0x010eb541
                                      0x010eb544
                                      0x00000000
                                      0x010eb546
                                      0x010eb546
                                      0x00000000
                                      0x010eb546
                                      0x0109dbf7
                                      0x0109dbf7
                                      0x0109dbfd
                                      0x0109dbfd
                                      0x0109dbff
                                      0x0109dc0b
                                      0x0109dc15
                                      0x0109dc1b
                                      0x0109dc1d
                                      0x0109dc21
                                      0x0109dc21
                                      0x0109dc23
                                      0x0109dc23
                                      0x0109dc26
                                      0x0109dc29
                                      0x0109dc2b
                                      0x00000000
                                      0x00000000
                                      0x0109dc31
                                      0x0109dc34
                                      0x0109dc36
                                      0x0109dcbf
                                      0x0109dcbf
                                      0x0109dcc2
                                      0x00000000
                                      0x0109dc3c
                                      0x0109dc41
                                      0x0109dc43
                                      0x00000000
                                      0x0109dc45
                                      0x0109dc45
                                      0x0109dc47
                                      0x00000000
                                      0x0109dc4d
                                      0x0109dc4d
                                      0x0109dc50
                                      0x0109dc52
                                      0x0109dc55
                                      0x0109dcfa
                                      0x0109dcfe
                                      0x0109dd08
                                      0x0109dd0a
                                      0x0109dd0c
                                      0x00000000
                                      0x0109dd12
                                      0x0109dd15
                                      0x0109dd2d
                                      0x0109dd2f
                                      0x0109dd32
                                      0x0109dd35
                                      0x00000000
                                      0x0109dd35
                                      0x0109dc5b
                                      0x0109dc5b
                                      0x0109dc5e
                                      0x0109dc61
                                      0x0109dc64
                                      0x0109dc67
                                      0x0109dc67
                                      0x0109dc6a
                                      0x0109dc6c
                                      0x0109dc8e
                                      0x0109dc8e
                                      0x0109dc91
                                      0x0109dc93
                                      0x0109dcce
                                      0x0109dcce
                                      0x0109dc95
                                      0x0109dc9c
                                      0x0109dc6e
                                      0x0109dc72
                                      0x0109dc75
                                      0x0109dc77
                                      0x0109dc79
                                      0x010eb551
                                      0x010eb551
                                      0x00000000
                                      0x0109dc7f
                                      0x0109dc7f
                                      0x0109dc81
                                      0x00000000
                                      0x0109dc83
                                      0x0109dc86
                                      0x0109dc88
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0109dc88
                                      0x0109dc81
                                      0x0109dc79
                                      0x0109dc6c
                                      0x0109dc55
                                      0x0109dc47
                                      0x0109dc43
                                      0x00000000
                                      0x0109dc36
                                      0x0109dc23
                                      0x00000000
                                      0x0109dbff
                                      0x0109dbf1
                                      0x0109dbdf
                                      0x0109db8f
                                      0x0109db92
                                      0x0109db95
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0109db95
                                      0x0109db8d
                                      0x0109db85
                                      0x0109db74
                                      0x0109dc9f
                                      0x0109dca2
                                      0x0109dcb0
                                      0x0109dcb0
                                      0x0109dad1
                                      0x010eb4e5
                                      0x010eb4c8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0109d831
                                      0x0109d80d
                                      0x00000000
                                      0x0109d800
                                      0x010eb47f
                                      0x010eb485
                                      0x00000000
                                      0x010eb485
                                      0x0109d665
                                      0x0109d652
                                      0x00000000

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: f49c7dc78127be873c87056c4310b5704ac28f02dac97907f49d48c4804b101e
                                      • Instruction ID: c8f25ec2494347e9586dd472a3014265d06b771833223fdba9ea4ac1458edbc3
                                      • Opcode Fuzzy Hash: f49c7dc78127be873c87056c4310b5704ac28f02dac97907f49d48c4804b101e
                                      • Instruction Fuzzy Hash: 29E1D270A0035A8FEF65CF69C8A4BAEB7F2BF45304F0441E9D9895B291DB309981DF51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E010B513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x117d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E010CD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E010A2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = E010A4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E010CF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0109FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x117b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E010CB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                      0x010b5142
                                      0x010b514c
                                      0x010b5150
                                      0x010b5157
                                      0x010b5159
                                      0x010b515e
                                      0x010b5165
                                      0x010b5169
                                      0x010b516c
                                      0x010b5172
                                      0x010b5176
                                      0x010b517a
                                      0x010b517a
                                      0x010b517a
                                      0x010b517f
                                      0x010f6d8b
                                      0x010f6d8e
                                      0x010f6d91
                                      0x010f6d95
                                      0x010f6d98
                                      0x010f6d9c
                                      0x010f6da0
                                      0x010f6da3
                                      0x010f6da7
                                      0x010f6e26
                                      0x010f6e26
                                      0x010f6e2a
                                      0x010b51f9
                                      0x010b51f9
                                      0x010b51fe
                                      0x010f6e33
                                      0x010f6e33
                                      0x010f6e39
                                      0x010f6e3d
                                      0x010f6e46
                                      0x010f6e50
                                      0x00000000
                                      0x00000000
                                      0x010f6e52
                                      0x010f6e53
                                      0x010f6e56
                                      0x010f6e5d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f6e5f
                                      0x010f6e67
                                      0x010f6e77
                                      0x010f6e7f
                                      0x010f6e80
                                      0x010f6e88
                                      0x010f6e90
                                      0x010f6e9f
                                      0x010f6ea5
                                      0x010f6ea9
                                      0x010f6eb1
                                      0x010f6ebf
                                      0x00000000
                                      0x00000000
                                      0x010f6ecf
                                      0x010f6ed3
                                      0x00000000
                                      0x00000000
                                      0x010f6edb
                                      0x010f6ede
                                      0x010f6ee1
                                      0x010f6ee8
                                      0x010f6eeb
                                      0x010f6eed
                                      0x010f6ef0
                                      0x010f6ef4
                                      0x010f6ef8
                                      0x010f6efc
                                      0x00000000
                                      0x00000000
                                      0x010f6f0d
                                      0x010f6f11
                                      0x010f6f32
                                      0x010f6f37
                                      0x010f6f3b
                                      0x010f6f3e
                                      0x010f6f41
                                      0x010f6f46
                                      0x00000000
                                      0x00000000
                                      0x010f6f4c
                                      0x010f6f50
                                      0x010f6f50
                                      0x010f6f54
                                      0x010f6f62
                                      0x010f6f65
                                      0x010f6f6d
                                      0x010f6f7b
                                      0x010f6f7b
                                      0x010f6f93
                                      0x010f6f98
                                      0x010f6fa0
                                      0x010f6fa6
                                      0x010f6fb3
                                      0x010f6fb6
                                      0x010f6fbf
                                      0x010f6fc1
                                      0x010f6fd5
                                      0x010f6fda
                                      0x010f6fda
                                      0x010f6fdd
                                      0x010f6fe2
                                      0x010f6fe7
                                      0x010f6feb
                                      0x010f6fef
                                      0x010f6ff3
                                      0x010b520c
                                      0x010b520c
                                      0x010b520f
                                      0x010b5215
                                      0x010b5234
                                      0x010b523a
                                      0x010b523a
                                      0x010b5244
                                      0x010b5245
                                      0x010b5246
                                      0x010b5251
                                      0x010b5251
                                      0x010f6f13
                                      0x010f6f17
                                      0x010f6f17
                                      0x010f6f18
                                      0x010f6f1b
                                      0x010f6f1f
                                      0x010f6f23
                                      0x00000000
                                      0x010f6f28
                                      0x010b5204
                                      0x010b5204
                                      0x010b5208
                                      0x00000000
                                      0x010b5208
                                      0x010b5185
                                      0x010b5188
                                      0x010b518a
                                      0x010b518e
                                      0x010b5195
                                      0x010f6db1
                                      0x010f6db5
                                      0x010f6db9
                                      0x010b519b
                                      0x010b519b
                                      0x010b519e
                                      0x010b51a7
                                      0x010b51a9
                                      0x010b51a9
                                      0x010b51b5
                                      0x010b51b8
                                      0x010b51bb
                                      0x010b51be
                                      0x010b51c1
                                      0x010b51c5
                                      0x010b51c9
                                      0x010b51cd
                                      0x010b51cd
                                      0x010b51d8
                                      0x010b51dc
                                      0x010b51e0
                                      0x010f6dcc
                                      0x010f6dd0
                                      0x010f6dd5
                                      0x010f6ddd
                                      0x010f6de1
                                      0x010f6de1
                                      0x010f6de5
                                      0x010f6deb
                                      0x010f6df1
                                      0x010f6df7
                                      0x010f6dfd
                                      0x010f6e01
                                      0x010f6e05
                                      0x010f6e09
                                      0x010f6e0d
                                      0x010f6e11
                                      0x010f6e11
                                      0x010b51eb
                                      0x010f6e1a
                                      0x010f6e1f
                                      0x010f6e21
                                      0x010f6e23
                                      0x00000000
                                      0x010b51f1
                                      0x010b51f1
                                      0x00000000
                                      0x010b51f1

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: e68209c519ac307595a369701f0bea7b8f15e4086975f8330109e68add3f3799
                                      • Instruction ID: 4657f85e11ee0c8a738a796ea09e3eaa83dde3475353e7e667e4e4d09934268b
                                      • Opcode Fuzzy Hash: e68209c519ac307595a369701f0bea7b8f15e4086975f8330109e68add3f3799
                                      • Instruction Fuzzy Hash: CAC111755093818FD354CF28C481A5AFBE1BF89304F184AAEF9D98B392D771E845CB42
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B03E2 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E010B03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x117d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E010B0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E010CB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0109B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1177c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E010A7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E010A7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01107016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E010C9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E011069A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1177c04 != 0) {
						_t118 = _v12;
						_t120 = E0110A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1177bd8;
						if( *0x1177bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E010C95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E010C99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01103540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0108B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E010CAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1178474 - 3;
										if( *0x1178474 != 3) {
											 *0x11779dc =  *0x11779dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E010A7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E010A7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01107016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1178708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1177b00; // 0x0
							asm("ror esi, cl");
							 *0x117b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E010C95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01097F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                      0x010b03f1
                                      0x010b03f7
                                      0x010b03f9
                                      0x010b03fb
                                      0x010b03fd
                                      0x010b0400
                                      0x010b040a
                                      0x010f4c7a
                                      0x010b0537
                                      0x010b0547
                                      0x010b0410
                                      0x010b0410
                                      0x010b0414
                                      0x010b0417
                                      0x010b041a
                                      0x010b0421
                                      0x010b0424
                                      0x010b042b
                                      0x010b043b
                                      0x010b043e
                                      0x010b043f
                                      0x010b043f
                                      0x010b0446
                                      0x010b0449
                                      0x010b044c
                                      0x010b044f
                                      0x010b0459
                                      0x010f4c8d
                                      0x010b045f
                                      0x010b045f
                                      0x010b045f
                                      0x010b0467
                                      0x010f4c97
                                      0x010f4c9d
                                      0x010f4ca4
                                      0x010f4caa
                                      0x010f4caf
                                      0x010f4cb1
                                      0x010f4cc3
                                      0x010f4cb3
                                      0x010f4cbc
                                      0x010f4cbc
                                      0x010f4cc8
                                      0x010f4ccb
                                      0x010f4cd7
                                      0x010f4cda
                                      0x010f4cdf
                                      0x010f4cdf
                                      0x010f4ccb
                                      0x010f4ca4
                                      0x010b046d
                                      0x010b046f
                                      0x010b046f
                                      0x010b0471
                                      0x010b0476
                                      0x010b047a
                                      0x010b047b
                                      0x010b0483
                                      0x010b0489
                                      0x010b048d
                                      0x00000000
                                      0x00000000
                                      0x010f4ce9
                                      0x010f4cef
                                      0x010f4d22
                                      0x010f4d22
                                      0x00000000
                                      0x010f4d22
                                      0x010f4cf1
                                      0x010f4cf7
                                      0x00000000
                                      0x00000000
                                      0x010f4cf9
                                      0x010f4cff
                                      0x00000000
                                      0x00000000
                                      0x010f4d05
                                      0x010f4d07
                                      0x00000000
                                      0x00000000
                                      0x010f4d0d
                                      0x010f4d0f
                                      0x010f4d14
                                      0x010f4d16
                                      0x00000000
                                      0x00000000
                                      0x010f4d1c
                                      0x010f4d1c
                                      0x010b0499
                                      0x010b0535
                                      0x010b0535
                                      0x00000000
                                      0x010b0535
                                      0x010b04a6
                                      0x010f4d2c
                                      0x010f4d37
                                      0x010f4d39
                                      0x010f4d3b
                                      0x00000000
                                      0x00000000
                                      0x010f4d41
                                      0x010f4d48
                                      0x010b0527
                                      0x010b052b
                                      0x010b052d
                                      0x010b0530
                                      0x010b0530
                                      0x00000000
                                      0x010b052b
                                      0x010f4d4e
                                      0x010b04ac
                                      0x010b04ac
                                      0x010b04af
                                      0x010b04b2
                                      0x010b04b7
                                      0x010b04b9
                                      0x010b04bb
                                      0x010b04bd
                                      0x010b04bf
                                      0x010b04c5
                                      0x010b04c9
                                      0x010f4d53
                                      0x010f4d59
                                      0x010f4db9
                                      0x010f4dba
                                      0x010f4dbf
                                      0x010f4dc2
                                      0x010f4dc4
                                      0x010f4dc7
                                      0x010f4dce
                                      0x00000000
                                      0x010f4dce
                                      0x010f4d5b
                                      0x010f4d61
                                      0x00000000
                                      0x00000000
                                      0x010f4d63
                                      0x010f4d69
                                      0x00000000
                                      0x00000000
                                      0x010f4d6b
                                      0x010f4d6e
                                      0x010f4d74
                                      0x010f4d76
                                      0x010f4d7c
                                      0x010f4d7e
                                      0x010f4d84
                                      0x010f4d89
                                      0x010f4d8c
                                      0x010f4d8d
                                      0x010f4d92
                                      0x010f4d95
                                      0x010f4d96
                                      0x010f4d98
                                      0x010f4d9a
                                      0x010f4d9f
                                      0x010f4da4
                                      0x010f4da6
                                      0x010f4da8
                                      0x010f4daf
                                      0x010f4db1
                                      0x010f4db1
                                      0x010f4daf
                                      0x010f4da6
                                      0x010f4d84
                                      0x010f4d7c
                                      0x00000000
                                      0x010f4d74
                                      0x010b04d6
                                      0x010f4de1
                                      0x010b04dc
                                      0x010b04dc
                                      0x010b04dc
                                      0x010b04e4
                                      0x010f4deb
                                      0x010f4df1
                                      0x010f4df8
                                      0x010f4dfe
                                      0x010f4e03
                                      0x010f4e05
                                      0x010f4e17
                                      0x010f4e07
                                      0x010f4e10
                                      0x010f4e10
                                      0x010f4e1c
                                      0x010f4e1f
                                      0x010f4e35
                                      0x010f4e35
                                      0x010f4e1f
                                      0x010f4df8
                                      0x010b04f1
                                      0x010b04fa
                                      0x010f4e3f
                                      0x010f4e47
                                      0x010f4e5b
                                      0x010f4e61
                                      0x010f4e67
                                      0x010f4e69
                                      0x010f4e71
                                      0x010f4e73
                                      0x010b0500
                                      0x010b0500
                                      0x010b0500
                                      0x010b04fa
                                      0x010b0508
                                      0x010b051d
                                      0x010b051d
                                      0x010b051f
                                      0x010b0524
                                      0x00000000
                                      0x010b0524
                                      0x010b0515
                                      0x010b0517
                                      0x010f4e7a
                                      0x010f4e7c
                                      0x00000000
                                      0x00000000
                                      0x010f4e85
                                      0x00000000
                                      0x010f4e85
                                      0x00000000
                                      0x010b0517

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: edd21e9e326891fbb8151738916032e8010a1bd2b2d5ef1f7547f2dc941144c1
                                      • Instruction ID: 26dcd4db8320be08e3c6ef1598bba4fcc83b7f376b5a240f5d1319e8b0445741
                                      • Opcode Fuzzy Hash: edd21e9e326891fbb8151738916032e8010a1bd2b2d5ef1f7547f2dc941144c1
                                      • Instruction Fuzzy Hash: FF910571E002199FEB229A6CC885BEF7BF4AB01714F0502A9FE91EB6D5DB749D40C781
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E010AB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x117d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E010A7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01158CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E010C9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E010CB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E010CCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E010A7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01158F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E010CAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1178628; // 0x0
								_v68 = _t77;
								_t78 =  *0x117862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1178628; // 0x0
							_t116 =  *0x117862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                      0x010ab94c
                                      0x010ab956
                                      0x010ab95c
                                      0x010ab95e
                                      0x010ab964
                                      0x010ab969
                                      0x010ab96d
                                      0x010ab96d
                                      0x010ab970
                                      0x010ab974
                                      0x010ab97a
                                      0x010abadf
                                      0x010abadf
                                      0x010abae2
                                      0x010abae4
                                      0x010abae6
                                      0x010abaf0
                                      0x010f2cb8
                                      0x010abaf6
                                      0x010abaf6
                                      0x010abaf6
                                      0x010abafd
                                      0x010abb1f
                                      0x010abb1f
                                      0x010abaff
                                      0x010abb00
                                      0x010abb00
                                      0x010abb03
                                      0x010abb03
                                      0x010abacb
                                      0x010abacf
                                      0x010abad0
                                      0x010abad1
                                      0x010abadc
                                      0x010abadc
                                      0x010ab980
                                      0x010ab980
                                      0x010ab988
                                      0x010ab98b
                                      0x010ab98d
                                      0x010ab990
                                      0x010ab993
                                      0x010ab999
                                      0x010ab99b
                                      0x010ab9a1
                                      0x010ab9a5
                                      0x010ab9aa
                                      0x010ab9b0
                                      0x010ab9bb
                                      0x010ab9c0
                                      0x010ab9c3
                                      0x010ab9ca
                                      0x010ab9cc
                                      0x010ab9cf
                                      0x010ab9d3
                                      0x010ab9d7
                                      0x010aba94
                                      0x010aba94
                                      0x010aba98
                                      0x010abaa3
                                      0x010f2ccb
                                      0x010abaa9
                                      0x010abaa9
                                      0x010abaa9
                                      0x010abab1
                                      0x010f2cd5
                                      0x010f2cdd
                                      0x010f2cdd
                                      0x010ababb
                                      0x010ababc
                                      0x010abac2
                                      0x010abac3
                                      0x010abac3
                                      0x010abac6
                                      0x00000000
                                      0x010ab9dd
                                      0x010ab9dd
                                      0x010ab9e7
                                      0x010ab9e7
                                      0x010ab9ec
                                      0x010ab9ec
                                      0x010ab9f1
                                      0x010ab9f5
                                      0x010ab9fa
                                      0x010aba00
                                      0x010aba0c
                                      0x010aba10
                                      0x010aba10
                                      0x010aba12
                                      0x010aba18
                                      0x00000000
                                      0x00000000
                                      0x010abb26
                                      0x010abb26
                                      0x010aba1e
                                      0x010aba1e
                                      0x010aba23
                                      0x010aba25
                                      0x010aba2c
                                      0x010aba30
                                      0x010aba35
                                      0x010aba35
                                      0x010aba41
                                      0x010aba46
                                      0x010aba4c
                                      0x010aba50
                                      0x010aba54
                                      0x010aba6a
                                      0x010aba6e
                                      0x010aba70
                                      0x010aba74
                                      0x010aba78
                                      0x010aba7a
                                      0x010aba7c
                                      0x010aba8e
                                      0x010aba90
                                      0x010aba92
                                      0x010abb14
                                      0x010abb14
                                      0x010abb16
                                      0x010abb16
                                      0x00000000
                                      0x010aba7c
                                      0x010abb0a
                                      0x010abb0d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010abb0f

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010AB9A5
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID:
                                      • API String ID: 885266447-0
                                      • Opcode ID: 5ab48c003052268d87014e00862bafa26780d940c0dce7d20e5c0f407469cd75
                                      • Instruction ID: 1a7e7a9c180b7c33cdd74bcdde1d1b2982b5ff31f515843b1c292b6dafc5f7ec
                                      • Opcode Fuzzy Hash: 5ab48c003052268d87014e00862bafa26780d940c0dce7d20e5c0f407469cd75
                                      • Instruction Fuzzy Hash: 77515771A08341CFC724DFA9C09092ABBF5FB98610F9489AEFAD587345D771E840CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01133D40 Relevance: 1.6, APIs: 1, Instructions: 98timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 70%
                                      			E01133D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x117d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E010A2280(_t34, 0x1178a6c);
				_t64 =  *0x1175768; // 0x77995768
				if(_t64 != 0x1175768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77995770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E0109FFB0(_t53, _t64, 0x1178a6c);
						 *0x117b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E010A2280(_t45, 0x1178a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x1175768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E0109FFB0(_t51, _t64, 0x1178a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E010CB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                      0x01133d40
                                      0x01133d48
                                      0x01133d52
                                      0x01133d59
                                      0x01133d5d
                                      0x01133d61
                                      0x01133d63
                                      0x01133d67
                                      0x01133d69
                                      0x01133d72
                                      0x01133d76
                                      0x01133d7a
                                      0x01133d7f
                                      0x01133d8b
                                      0x01133d91
                                      0x01133d91
                                      0x01133d91
                                      0x01133d94
                                      0x01133d96
                                      0x01133d9d
                                      0x01133da1
                                      0x01133db0
                                      0x01133dba
                                      0x01133dbc
                                      0x01133dbc
                                      0x01133dc6
                                      0x01133dcb
                                      0x01133dcf
                                      0x01133dd1
                                      0x01133dd4
                                      0x00000000
                                      0x00000000
                                      0x01133dd9
                                      0x01133e0c
                                      0x01133e0c
                                      0x01133e0f
                                      0x01133ddb
                                      0x01133ddb
                                      0x01133de0
                                      0x00000000
                                      0x01133de2
                                      0x01133de2
                                      0x01133de4
                                      0x01133de8
                                      0x01133deb
                                      0x01133df1
                                      0x00000000
                                      0x01133df3
                                      0x01133df3
                                      0x01133df5
                                      0x01133df8
                                      0x01133dfa
                                      0x00000000
                                      0x01133dfa
                                      0x01133df1
                                      0x01133de0
                                      0x01133e11
                                      0x01133e11
                                      0x00000000
                                      0x01133dfe
                                      0x01133e04
                                      0x01133e06
                                      0x00000000
                                      0x01133e06
                                      0x00000000
                                      0x01133e04
                                      0x01133d91
                                      0x01133e15
                                      0x01133e1a
                                      0x01133e1f
                                      0x01133e1f
                                      0x01133e23
                                      0x01133e29
                                      0x00000000
                                      0x00000000
                                      0x01133e2e
                                      0x00000000
                                      0x01133e30
                                      0x01133e30
                                      0x01133e35
                                      0x00000000
                                      0x01133e37
                                      0x01133e3e
                                      0x01133e42
                                      0x01133e48
                                      0x01133e4e
                                      0x00000000
                                      0x01133e4e
                                      0x01133e35
                                      0x00000000
                                      0x01133e2e
                                      0x01133e5b
                                      0x01133e5c
                                      0x01133e5d
                                      0x01133e68
                                      0x00000000

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: 162e23ac33e26d2ee5f1c36f40eeffcf9f724cc12ddfa39c33c169ca63a00e6d
                                      • Instruction ID: 01d6f0e97754d2c1a213a40c30acc1bccaca4cdc7c84f9a1f2c2b43f697cf0ae
                                      • Opcode Fuzzy Hash: 162e23ac33e26d2ee5f1c36f40eeffcf9f724cc12ddfa39c33c169ca63a00e6d
                                      • Instruction Fuzzy Hash: 6E318471609312CFCB18DF18D58499ABBE1FFC5714F44896EE4A89B345D330E904CBAA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C4A2C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 58%
                                      			E010C4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x117d360 ^ _t62;
				_v8 =  *0x117d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E010A2280(_t26, 0x1178608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0109FFB0(_t41, _t51, 0x1178608);
						L2:
						 *0x117b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E010CB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E010A2280(_t28, 0x1178608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0109FFB0(_t42, _t53, 0x1178608);
							if(_t53 != 0) {
								L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0109FFB0(_t41, _t51, 0x1178608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                      0x010c4a2c
                                      0x010c4a34
                                      0x010c4a3c
                                      0x010c4a3e
                                      0x010c4a48
                                      0x010c4a4b
                                      0x010c4a4d
                                      0x010c4a51
                                      0x010c4a9c
                                      0x00000000
                                      0x00000000
                                      0x010c4aa3
                                      0x010c4aa8
                                      0x010c4aad
                                      0x010c4ab1
                                      0x010c4ade
                                      0x010c4ae3
                                      0x010c4a5a
                                      0x010c4a62
                                      0x010c4a6a
                                      0x010c4a6e
                                      0x010ff203
                                      0x010c4a84
                                      0x010c4a88
                                      0x010c4a89
                                      0x010c4a8a
                                      0x010c4a95
                                      0x010c4a95
                                      0x010c4a79
                                      0x010c4a80
                                      0x010c4af2
                                      0x010c4af4
                                      0x010c4af9
                                      0x010c4aff
                                      0x010c4b01
                                      0x010c4b03
                                      0x010c4b08
                                      0x010ff20a
                                      0x010ff212
                                      0x010ff216
                                      0x010ff216
                                      0x010c4b08
                                      0x010c4b13
                                      0x010c4b1a
                                      0x010ff229
                                      0x010ff229
                                      0x010c4b1a
                                      0x010c4a82
                                      0x00000000
                                      0x010c4a82
                                      0x010c4ab7
                                      0x010c4acd
                                      0x010c4acd
                                      0x010c4ad5
                                      0x010c4ada
                                      0x00000000
                                      0x010c4ada
                                      0x010c4ac2
                                      0x010c4acb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010c4acb
                                      0x010c4a53
                                      0x010c4a53
                                      0x010c4a58
                                      0x00000000

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: 250e0ddb665f60f8e82e98659733164ce9e1b55629279712e6c3162bcf34606b
                                      • Instruction ID: f84cf010704f4c618b712c8cd3f9c4c225966e1a41d4939128af3ab5d768fea8
                                      • Opcode Fuzzy Hash: 250e0ddb665f60f8e82e98659733164ce9e1b55629279712e6c3162bcf34606b
                                      • Instruction Fuzzy Hash: 4631CD32205652ABCB629F59C995B6EBBE4FF84F10F4045ADE9968B641CB70D800CF85
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A0050 Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 53%
                                      			E010A0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x117d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E010B9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E010CB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01158A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E010B9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x117b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                      0x010a0055
                                      0x010a005d
                                      0x010a0062
                                      0x010a006c
                                      0x010a006f
                                      0x010a0074
                                      0x010a007a
                                      0x010a007a
                                      0x010a0080
                                      0x010a0080
                                      0x010a0087
                                      0x010a008d
                                      0x010a008f
                                      0x010a0093
                                      0x010a0095
                                      0x010a009b
                                      0x010a00f8
                                      0x010a00fb
                                      0x010a00fc
                                      0x010a00ff
                                      0x010a0108
                                      0x010a0108
                                      0x010a00a2
                                      0x010a00a6
                                      0x010a00b3
                                      0x010a00bc
                                      0x010a00c5
                                      0x010a00ca
                                      0x010ec01e
                                      0x00000000
                                      0x00000000
                                      0x010ec02d
                                      0x010a00d5
                                      0x010a00d9
                                      0x010ec03d
                                      0x010ec046
                                      0x010ec046
                                      0x010a00df
                                      0x010a00e2
                                      0x010a00ea
                                      0x010a00ef
                                      0x010a00f2
                                      0x010a00f6
                                      0x010a0111
                                      0x010a0117
                                      0x010a0117
                                      0x00000000
                                      0x010a00f6
                                      0x010a00d0
                                      0x010a00d0
                                      0x00000000

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID:
                                      • API String ID: 3446177414-0
                                      • Opcode ID: b7dce0e77833827a8f082a2bc560723fb38091d985cafe10a9d73ba943a01161
                                      • Instruction ID: cf49becd32835b8c11fc16cba547e310fb92540b5ce366ad351041b097f4ae84
                                      • Opcode Fuzzy Hash: b7dce0e77833827a8f082a2bc560723fb38091d985cafe10a9d73ba943a01161
                                      • Instruction Fuzzy Hash: 8D31DD31241B08CFD766CF68C840B9AB7E5FF88714F1445ADF5A687B90EB31A801CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108C962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 42%
                                      			E0108C962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x117d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0109EEF0(0x11770a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0110F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0109EB70(_t29, 0x11770a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E010CB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0110F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x11770c0; // 0x0
					while(_t38 != 0x11770c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x117b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                      0x0108c96a
                                      0x0108c974
                                      0x0108c988
                                      0x0108c98a
                                      0x010f7c9d
                                      0x010f7c9f
                                      0x010f7ca4
                                      0x010f7cae
                                      0x010f7cf0
                                      0x010f7cf5
                                      0x010f7cfa
                                      0x0108c992
                                      0x0108c996
                                      0x0108c997
                                      0x0108c998
                                      0x0108c9a3
                                      0x0108c9a3
                                      0x010f7cb0
                                      0x010f7cb7
                                      0x010f7cbb
                                      0x00000000
                                      0x00000000
                                      0x010f7cbd
                                      0x010f7ce8
                                      0x010f7cc5
                                      0x010f7cc8
                                      0x010f7cca
                                      0x010f7cd0
                                      0x010f7cd6
                                      0x010f7cde
                                      0x010f7ce4
                                      0x010f7ce4
                                      0x010f7cd0
                                      0x00000000
                                      0x010f7ce8
                                      0x0108c990
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9cb1100a0c9e8187a52e8711e9980db857fa5324c4f589a695a2659fd06d940f
                                      • Instruction ID: a64db191e66863077c99b24a39279f2f0ab088d48a1204d8a08d18ae945615f4
                                      • Opcode Fuzzy Hash: 9cb1100a0c9e8187a52e8711e9980db857fa5324c4f589a695a2659fd06d940f
                                      • Instruction Fuzzy Hash: 3311E53170060A9BCB66AF3CDC46AAB7BF5BB85614F00053CEAC593A91DB20ED54C7D2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E010BFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0109EEF0(0x1177b60);
					_t134 =  *0x1177b84; // 0x77997b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1177b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1177b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01096D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E010976E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01128938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0108B150();
													}
													_t116 = E01126D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E010975CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1178638; // 0x0
																	_t122 = L010938A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E010976E2(_t154);
																			goto L41;
																		}
																	} else {
																		E010976E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L010BFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L010970F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E010BFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E010BFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E010BFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E010BFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E010BFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1177b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1177b84 = _t75;
						_t73 = E0109EB70(_t134, 0x1177b60);
						if( *0x1177b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0109FF60( *0x1177b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                      0x010bfab0
                                      0x010bfab2
                                      0x010bfab3
                                      0x010bfab4
                                      0x010bfabc
                                      0x010bfac0
                                      0x010bfb14
                                      0x010bfb17
                                      0x010bfac2
                                      0x010bfac8
                                      0x010bfacd
                                      0x010bfad3
                                      0x010bfad3
                                      0x010bfadd
                                      0x010bfb18
                                      0x010bfb1b
                                      0x010bfb1d
                                      0x010bfb1e
                                      0x010bfb1f
                                      0x010bfb20
                                      0x010bfb21
                                      0x010bfb22
                                      0x010bfb23
                                      0x010bfb24
                                      0x010bfb25
                                      0x010bfb26
                                      0x010bfb27
                                      0x010bfb28
                                      0x010bfb29
                                      0x010bfb2a
                                      0x010bfb2b
                                      0x010bfb2c
                                      0x010bfb2d
                                      0x010bfb2e
                                      0x010bfb2f
                                      0x010bfb3a
                                      0x010bfb3b
                                      0x010bfb3e
                                      0x010bfb41
                                      0x010bfb44
                                      0x010bfb47
                                      0x010bfb4a
                                      0x010bfb4d
                                      0x010bfb53
                                      0x010fbdcb
                                      0x010fbdcb
                                      0x010bfb59
                                      0x010bfb5b
                                      0x010bfb5b
                                      0x010bfb5e
                                      0x010fbdd5
                                      0x010fbdd8
                                      0x00000000
                                      0x010fbdda
                                      0x00000000
                                      0x010fbdda
                                      0x010bfb64
                                      0x010bfb64
                                      0x010bfb64
                                      0x010bfb67
                                      0x010bfb6e
                                      0x010bfb70
                                      0x010bfb72
                                      0x00000000
                                      0x010bfb78
                                      0x010bfb7a
                                      0x010bfb7a
                                      0x010bfb7d
                                      0x010bfb80
                                      0x010fbddf
                                      0x010fbde1
                                      0x00000000
                                      0x010fbde3
                                      0x00000000
                                      0x010fbde3
                                      0x010bfb86
                                      0x010bfb86
                                      0x010bfb86
                                      0x010bfb8b
                                      0x010bfb90
                                      0x010bfb92
                                      0x010bfb94
                                      0x010bfb9a
                                      0x010bfb9b
                                      0x010bfba1
                                      0x010fbde8
                                      0x010fbdeb
                                      0x010fbded
                                      0x010fbeb5
                                      0x010fbeb5
                                      0x010fbebb
                                      0x010fbebd
                                      0x010fbec3
                                      0x010fbed2
                                      0x010fbedd
                                      0x010fbedd
                                      0x010fbeed
                                      0x00000000
                                      0x010fbdf3
                                      0x010fbdfe
                                      0x010fbe06
                                      0x010fbe0b
                                      0x010fbe0d
                                      0x010fbe0f
                                      0x010fbe14
                                      0x010fbe19
                                      0x010fbe20
                                      0x010fbe25
                                      0x010fbe27
                                      0x010fbe35
                                      0x010fbe39
                                      0x010fbe46
                                      0x010fbe4f
                                      0x010fbe54
                                      0x010fbe56
                                      0x010fbef8
                                      0x010fbef8
                                      0x00000000
                                      0x010fbe5c
                                      0x010fbe5c
                                      0x010fbe60
                                      0x00000000
                                      0x010fbe66
                                      0x010fbe66
                                      0x010fbe7f
                                      0x010fbe84
                                      0x010fbe87
                                      0x010fbe89
                                      0x010fbe8b
                                      0x010fbe99
                                      0x010fbe9d
                                      0x010fbea0
                                      0x010fbeac
                                      0x010fbeaf
                                      0x010fbeb1
                                      0x010fbeb3
                                      0x010fbeb3
                                      0x00000000
                                      0x010fbea2
                                      0x010fbea2
                                      0x00000000
                                      0x010fbea2
                                      0x010fbe8d
                                      0x010fbe8d
                                      0x010fbe92
                                      0x00000000
                                      0x010fbe92
                                      0x010fbe8b
                                      0x010fbe60
                                      0x010fbe3b
                                      0x010fbe3b
                                      0x010fbe3e
                                      0x00000000
                                      0x010fbe40
                                      0x010fbe40
                                      0x010fbe44
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010fbe44
                                      0x010fbe3e
                                      0x010fbe29
                                      0x010fbe29
                                      0x00000000
                                      0x010fbe29
                                      0x010fbe27
                                      0x00000000
                                      0x010bfba7
                                      0x010bfba7
                                      0x010bfbab
                                      0x010fbf02
                                      0x010bfbb1
                                      0x010bfbb1
                                      0x010bfbb8
                                      0x010bfbbd
                                      0x010bfbbd
                                      0x010bfbbf
                                      0x010bfbbf
                                      0x010bfbc5
                                      0x010bfbcb
                                      0x010bfbf8
                                      0x010bfbf8
                                      0x010bfbfa
                                      0x00000000
                                      0x010bfc00
                                      0x010bfc00
                                      0x010bfc03
                                      0x00000000
                                      0x010bfc09
                                      0x010bfc09
                                      0x010bfc0f
                                      0x010bfc15
                                      0x010bfc23
                                      0x010bfc23
                                      0x010bfc25
                                      0x010bfc27
                                      0x010bfc75
                                      0x010bfc7c
                                      0x010bfc84
                                      0x00000000
                                      0x010bfc29
                                      0x010bfc29
                                      0x010bfc2d
                                      0x010bfc30
                                      0x010fbf0f
                                      0x00000000
                                      0x010bfc36
                                      0x010bfc38
                                      0x010bfc3b
                                      0x010bfc41
                                      0x010fbf17
                                      0x010fbf19
                                      0x010fbf48
                                      0x010fbf4b
                                      0x00000000
                                      0x010fbf1b
                                      0x010fbf22
                                      0x010fbf24
                                      0x010fbf26
                                      0x00000000
                                      0x010fbf2c
                                      0x010fbf37
                                      0x010fbf39
                                      0x010fbf3b
                                      0x00000000
                                      0x010fbf41
                                      0x010fbf41
                                      0x010fbf41
                                      0x010fbf41
                                      0x010fbf45
                                      0x00000000
                                      0x010fbf45
                                      0x010fbf3b
                                      0x010fbf26
                                      0x00000000
                                      0x010bfc47
                                      0x010bfc47
                                      0x010bfc49
                                      0x010bfcb2
                                      0x010bfcb4
                                      0x010bfcb6
                                      0x010bfcdc
                                      0x010bfcdc
                                      0x00000000
                                      0x010bfcb8
                                      0x010bfcc3
                                      0x010bfcc5
                                      0x010bfcc7
                                      0x00000000
                                      0x010bfcc9
                                      0x010bfcc9
                                      0x010bfccd
                                      0x00000000
                                      0x010bfccd
                                      0x010bfcc7
                                      0x00000000
                                      0x010bfc4b
                                      0x010bfc4b
                                      0x010bfc4e
                                      0x010bfc4e
                                      0x010bfc51
                                      0x010bfc51
                                      0x010bfc54
                                      0x010bfc5a
                                      0x010bfc5c
                                      0x010bfc5f
                                      0x010bfc61
                                      0x010bfc63
                                      0x010bfc65
                                      0x010bfc67
                                      0x010bfc6e
                                      0x010bfc72
                                      0x010bfc72
                                      0x010bfc72
                                      0x010bfc72
                                      0x010bfc67
                                      0x010bfc61
                                      0x00000000
                                      0x010bfc5a
                                      0x010bfc49
                                      0x010bfc41
                                      0x010bfc30
                                      0x010bfc27
                                      0x010bfc03
                                      0x010bfbcd
                                      0x010bfbd3
                                      0x010bfbd9
                                      0x010bfbdc
                                      0x010bfbde
                                      0x010bfc99
                                      0x010bfc9b
                                      0x010bfc9d
                                      0x010bfcd5
                                      0x010bfcd5
                                      0x010bfc89
                                      0x010bfc89
                                      0x00000000
                                      0x010bfc9f
                                      0x010bfc9f
                                      0x010bfca3
                                      0x00000000
                                      0x010bfca3
                                      0x00000000
                                      0x010bfbe4
                                      0x010bfbe4
                                      0x010bfbe4
                                      0x010bfbe4
                                      0x010bfbe9
                                      0x010bfbf2
                                      0x00000000
                                      0x010bfbf2
                                      0x010bfbde
                                      0x010bfbcb
                                      0x010bfbab
                                      0x010bfc8b
                                      0x010bfc8b
                                      0x010bfc8c
                                      0x010bfb80
                                      0x010bfb72
                                      0x010bfb5e
                                      0x010bfc8d
                                      0x010bfc91
                                      0x010bfadf
                                      0x010bfadf
                                      0x010bfae1
                                      0x010bfae4
                                      0x010bfae7
                                      0x010bfaec
                                      0x010bfaf8
                                      0x010bfb00
                                      0x010bfb07
                                      0x010bfb0f
                                      0x010bfb0f
                                      0x010bfb07
                                      0x00000000
                                      0x010bfaf8
                                      0x010bfadd

                                      Strings
                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 010FBE0F
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                      • API String ID: 0-865735534
                                      • Opcode ID: e6544157314ae78ebb93dcdf163f465e0b22fd73b0b05e7d7ce14a3ab645d7c7
                                      • Instruction ID: a70bf1d2129a2195519d2f5ad2205a8df48e14598992c6abb0f2575db44a2fe7
                                      • Opcode Fuzzy Hash: e6544157314ae78ebb93dcdf163f465e0b22fd73b0b05e7d7ce14a3ab645d7c7
                                      • Instruction Fuzzy Hash: F3A1D471B0060B8BEB65DF68C990BFAB7E5AF44710F0445BDDA96DBA81DB30D841CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01082D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E01082D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1175350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1177bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E010C97C0();
				}
				if( *0x11779c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x11779c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E010B1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E010A7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0111FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E010C9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E010BE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								E010DDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1176901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1176901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E010C9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E010C95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E010A7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E010A7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01107016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0111FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1175350;
							if(_t109 != 0x1175350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0111FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01115720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                      0x01082d8a
                                      0x01082d8a
                                      0x01082d92
                                      0x01082d96
                                      0x01082d9e
                                      0x01082da0
                                      0x01082da3
                                      0x01082da5
                                      0x01082da8
                                      0x01082dab
                                      0x01082db2
                                      0x010df9aa
                                      0x010df9ab
                                      0x010df9ae
                                      0x010df9ae
                                      0x01082db8
                                      0x01082dc2
                                      0x010df9b9
                                      0x010df9be
                                      0x010df9bf
                                      0x010df9bf
                                      0x01082dcf
                                      0x010df9c9
                                      0x01082dd5
                                      0x01082dd5
                                      0x01082dd5
                                      0x01082dde
                                      0x01082de1
                                      0x01082e70
                                      0x01082e72
                                      0x01082e72
                                      0x01082de7
                                      0x01082deb
                                      0x01082e7c
                                      0x01082e83
                                      0x01082e85
                                      0x01082e8b
                                      0x01082e8d
                                      0x01082e92
                                      0x01082e92
                                      0x01082e85
                                      0x01082df1
                                      0x01082df7
                                      0x01082df9
                                      0x01082df9
                                      0x01082dfc
                                      0x01082dff
                                      0x01082e02
                                      0x00000000
                                      0x01082e05
                                      0x01082e0c
                                      0x010df9d9
                                      0x01082e12
                                      0x01082e12
                                      0x01082e12
                                      0x01082e1a
                                      0x010df9e3
                                      0x010df9e9
                                      0x010df9f0
                                      0x010df9f6
                                      0x010df9f8
                                      0x010df9f8
                                      0x010df9f0
                                      0x01082e23
                                      0x010dfa02
                                      0x010dfa03
                                      0x010dfa05
                                      0x010dfa06
                                      0x00000000
                                      0x01082e29
                                      0x01082e29
                                      0x01082e2e
                                      0x01082e34
                                      0x01082e3e
                                      0x00000000
                                      0x00000000
                                      0x01082e44
                                      0x01082e47
                                      0x01082e4d
                                      0x00000000
                                      0x00000000
                                      0x01082e4f
                                      0x01082e54
                                      0x00000000
                                      0x00000000
                                      0x01082e5a
                                      0x01082e5f
                                      0x01082e9a
                                      0x01082ea4
                                      0x01082ea5
                                      0x01082ea8
                                      0x01082eaf
                                      0x01082eb2
                                      0x01082eb5
                                      0x010dfae9
                                      0x010dfaeb
                                      0x010dfaed
                                      0x010dfaef
                                      0x010dfaf7
                                      0x010dfaf8
                                      0x010dfafd
                                      0x010dfaff
                                      0x010dfb04
                                      0x010dfb04
                                      0x010dfaff
                                      0x01082ec0
                                      0x01082ec4
                                      0x01082ec6
                                      0x01082ec8
                                      0x010dfb14
                                      0x010dfb18
                                      0x010dfb1e
                                      0x010dfb21
                                      0x010dfb21
                                      0x01082ece
                                      0x01082ece
                                      0x01082ece
                                      0x01082ed7
                                      0x01082e61
                                      0x01082e63
                                      0x010dfa6b
                                      0x010dfa71
                                      0x010dfa76
                                      0x010dfa78
                                      0x010dfa8a
                                      0x010dfa7a
                                      0x010dfa83
                                      0x010dfa83
                                      0x010dfa8f
                                      0x010dfa91
                                      0x010dfa97
                                      0x010dfa9d
                                      0x010dfaa4
                                      0x010dfaaa
                                      0x010dfaaf
                                      0x010dfab1
                                      0x010dfac3
                                      0x010dfab3
                                      0x010dfabc
                                      0x010dfabc
                                      0x010dfac8
                                      0x010dfacb
                                      0x010dfadf
                                      0x010dfadf
                                      0x010dfacb
                                      0x010dfaa4
                                      0x010dfa91
                                      0x01082e6f
                                      0x01082e6f
                                      0x01082e5f
                                      0x010dfa13
                                      0x010dfa15
                                      0x010dfa17
                                      0x010dfa1f
                                      0x010dfa21
                                      0x010dfa22
                                      0x010dfa25
                                      0x010dfa28
                                      0x010dfa2f
                                      0x010dfa2f
                                      0x010dfa2a
                                      0x010dfa2a
                                      0x010dfa2a
                                      0x010dfa31
                                      0x010dfa34
                                      0x010dfa36
                                      0x010dfa3c
                                      0x010dfa3e
                                      0x010dfa41
                                      0x010dfa43
                                      0x010dfa45
                                      0x010dfa45
                                      0x010dfa41
                                      0x010dfa3c
                                      0x010dfa4a
                                      0x010dfa4f
                                      0x010dfa51
                                      0x010dfa53
                                      0x010dfa56
                                      0x010dfa5b
                                      0x010dfa5e
                                      0x00000000
                                      0x010dfa5e
                                      0x01082e23

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: RTL: Re-Waiting
                                      • API String ID: 0-316354757
                                      • Opcode ID: 68fbe72923f1a871345668acf7e1b9c40a1a9db14010fdaa5877a36d5fd924ab
                                      • Instruction ID: c123e2d454699c5358f728d103e73c6d154fda04b83e63920ad225064590feb6
                                      • Opcode Fuzzy Hash: 68fbe72923f1a871345668acf7e1b9c40a1a9db14010fdaa5877a36d5fd924ab
                                      • Instruction Fuzzy Hash: 8A612571A047069FDB22EF6CC840B7EBBF5EB44714F1482A9E5D29B2C1C7749942C782
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E010BF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E010A4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E010C9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E010C9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E010C95D0();
							goto L11;
						} else {
							_t109 = E010A4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E010CF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E010C95D0();
										L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                      0x010bf0d3
                                      0x010bf0d9
                                      0x010bf0e0
                                      0x010bf0e7
                                      0x010bf0f2
                                      0x010bf0f4
                                      0x010bf0f8
                                      0x010bf100
                                      0x010bf108
                                      0x010bf10d
                                      0x010bf115
                                      0x010bf116
                                      0x010bf11f
                                      0x010bf123
                                      0x010bf124
                                      0x010bf12c
                                      0x010bf130
                                      0x010bf134
                                      0x010bf13d
                                      0x010bf144
                                      0x010bf14b
                                      0x010bf152
                                      0x010fbab0
                                      0x010fbab0
                                      0x010bf158
                                      0x010bf158
                                      0x010bf15a
                                      0x010bf160
                                      0x010bf165
                                      0x010bf166
                                      0x010bf16f
                                      0x010bf173
                                      0x010fbaa7
                                      0x010fbaa7
                                      0x010fbaab
                                      0x00000000
                                      0x010bf179
                                      0x010bf18d
                                      0x010bf191
                                      0x010fbaa2
                                      0x00000000
                                      0x010bf197
                                      0x010bf19b
                                      0x010bf1a2
                                      0x010bf1a9
                                      0x010bf1af
                                      0x010bf1b2
                                      0x010bf1b6
                                      0x010bf1b9
                                      0x010bf1c4
                                      0x010bf1d8
                                      0x010bf1df
                                      0x010bf1e3
                                      0x010bf1eb
                                      0x010bf1ee
                                      0x010bf1f4
                                      0x010bf20f
                                      0x010fbab7
                                      0x010fbabb
                                      0x010fbacc
                                      0x010fbad1
                                      0x010bf215
                                      0x010bf218
                                      0x010bf226
                                      0x010bf22b
                                      0x00000000
                                      0x010bf22b
                                      0x010bf1f6
                                      0x010bf1f6
                                      0x010bf1f9
                                      0x010bf1fb
                                      0x010bf1fb
                                      0x010bf1f4
                                      0x010bf191
                                      0x010bf173
                                      0x010bf152
                                      0x010bf203

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                      • Instruction ID: 95eada6882a4177bc1aac341bb8d27520fa858c3518bf793ff2b544da87b1f68
                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                      • Instruction Fuzzy Hash: 3E517F71504711AFC321DF69C841AABBBF8FF58B10F00892DFA9597690E7B4E914CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01103540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E01103540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x117d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E010C0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01103706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E010CFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01103540;
						E010CFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E010DDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01110C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E010C97C0();
					}
					return E010CB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01103971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01103884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E010CFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E010C9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01103787(_a4,  &_v352, _t80);
						}
					}
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E010C95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                      0x01103552
                                      0x0110355a
                                      0x0110355d
                                      0x01103566
                                      0x01103567
                                      0x0110357e
                                      0x0110358f
                                      0x011035a1
                                      0x011035a5
                                      0x0110366b
                                      0x0110366b
                                      0x0110366d
                                      0x01103672
                                      0x01103679
                                      0x01103685
                                      0x0110368d
                                      0x0110369d
                                      0x011036a7
                                      0x011036b8
                                      0x011036c6
                                      0x011036c7
                                      0x011036dc
                                      0x011036e1
                                      0x011036e7
                                      0x011036e9
                                      0x011036e9
                                      0x01103703
                                      0x01103703
                                      0x011035b5
                                      0x011035c0
                                      0x011035c4
                                      0x00000000
                                      0x00000000
                                      0x011035ca
                                      0x011035d7
                                      0x011035e2
                                      0x011035e6
                                      0x011035e8
                                      0x011035f5
                                      0x011035fa
                                      0x01103603
                                      0x01103604
                                      0x01103609
                                      0x0110360a
                                      0x01103612
                                      0x01103613
                                      0x0110361e
                                      0x01103622
                                      0x01103628
                                      0x0110362f
                                      0x0110362f
                                      0x01103636
                                      0x01103638
                                      0x0110363b
                                      0x01103642
                                      0x01103642
                                      0x01103636
                                      0x01103657
                                      0x01103657
                                      0x0110365c
                                      0x01103662
                                      0x01103669
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: BinaryHash
                                      • API String ID: 0-2202222882
                                      • Opcode ID: e355bcb08746afccf739dc7346619f095468862fefa8aadd5a42398a15868f25
                                      • Instruction ID: 00b705210d03b30c484d88c5226263be02e1a15a6083e8b5c7ee250ea7b05d5d
                                      • Opcode Fuzzy Hash: e355bcb08746afccf739dc7346619f095468862fefa8aadd5a42398a15868f25
                                      • Instruction Fuzzy Hash: BF4130F2D1052D9EDB25DB50CC80FEEB77CAB54718F0045A5AA59AB280DB709F888F94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011505AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E011505AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E011507DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E010C9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0114A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0114A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01151293(_t79, _v40, E011507DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E010A7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0114138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                      0x011505c5
                                      0x011505ca
                                      0x011505d3
                                      0x011506db
                                      0x011506db
                                      0x011506dd
                                      0x011506e3
                                      0x011506e3
                                      0x011505dd
                                      0x011505e7
                                      0x011505f6
                                      0x01150600
                                      0x01150607
                                      0x01150610
                                      0x01150615
                                      0x0115061a
                                      0x0115061c
                                      0x0115061e
                                      0x01150624
                                      0x01150625
                                      0x01150627
                                      0x01150628
                                      0x01150631
                                      0x01150640
                                      0x0115064d
                                      0x01150654
                                      0x01150654
                                      0x01150631
                                      0x0115066d
                                      0x01150674
                                      0x00000000
                                      0x00000000
                                      0x01150692
                                      0x0115069e
                                      0x011506b0
                                      0x011506a0
                                      0x011506a9
                                      0x011506a9
                                      0x011506b8
                                      0x011506d6
                                      0x011506d6
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: `
                                      • API String ID: 0-2679148245
                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                      • Instruction ID: 22c7715bf19ee97a34ad2ae12b20b976867d020fc842fa94072e4840af292770
                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                      • Instruction Fuzzy Hash: FE310432204706ABE754DE68CC85F9B7BD9EBC8754F144229FE689B280D770E944CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01103884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E01103884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E010C9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = E010A4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E010C9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                      0x01103893
                                      0x01103896
                                      0x01103899
                                      0x0110389f
                                      0x011038a0
                                      0x011038a4
                                      0x011038a9
                                      0x011038ac
                                      0x011038ad
                                      0x011038ae
                                      0x011038af
                                      0x011038b1
                                      0x011038b4
                                      0x011038bb
                                      0x011038bc
                                      0x011038bd
                                      0x011038c4
                                      0x011038c8
                                      0x011038ca
                                      0x011038ca
                                      0x011038d5
                                      0x0110393e
                                      0x01103940
                                      0x01103942
                                      0x01103952
                                      0x01103954
                                      0x01103961
                                      0x01103961
                                      0x01103967
                                      0x0110396e
                                      0x0110396e
                                      0x01103947
                                      0x0110394c
                                      0x00000000
                                      0x0110394c
                                      0x011038ea
                                      0x011038ee
                                      0x011038f8
                                      0x011038f9
                                      0x011038ff
                                      0x01103900
                                      0x01103902
                                      0x01103903
                                      0x0110390b
                                      0x0110390f
                                      0x01103950
                                      0x00000000
                                      0x01103950
                                      0x01103915
                                      0x0110391d
                                      0x0110391d
                                      0x01103922
                                      0x01103926
                                      0x00000000
                                      0x01103928
                                      0x0110392b
                                      0x0110392b
                                      0x01103935
                                      0x01103937
                                      0x01103937
                                      0x00000000
                                      0x01103935
                                      0x01103926
                                      0x011038f0
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: BinaryName
                                      • API String ID: 0-215506332
                                      • Opcode ID: d43c4250fef3ecf02731890d911b267efbd14f01ecc0b7f2d763462f232479a1
                                      • Instruction ID: d816adeded888bc2e53583ca05e07f1a712598ae9dc18f3218b141d54e7f2b47
                                      • Opcode Fuzzy Hash: d43c4250fef3ecf02731890d911b267efbd14f01ecc0b7f2d763462f232479a1
                                      • Instruction Fuzzy Hash: E131F932D1051AEFDB1ADB58C945DBFBB74FB44B20F014169E965A72D0E7709E00C791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 33%
                                      			E010BD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x117d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E010A4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E010CB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E010C98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E010C95D0();
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                      0x010bd29c
                                      0x010bd2a6
                                      0x010bd2b1
                                      0x010bd2b5
                                      0x010bd2b6
                                      0x010bd2bc
                                      0x010bd2bd
                                      0x010bd2be
                                      0x010bd2bf
                                      0x010bd2c2
                                      0x010bd2c4
                                      0x010bd2cc
                                      0x010bd384
                                      0x010bd34b
                                      0x010bd34f
                                      0x010bd350
                                      0x010bd351
                                      0x010bd35c
                                      0x010bd35c
                                      0x010bd2d6
                                      0x010bd2da
                                      0x010bd2e1
                                      0x010bd361
                                      0x010bd369
                                      0x010bd36d
                                      0x010bd2e3
                                      0x010bd2e3
                                      0x010bd2e3
                                      0x010bd2e5
                                      0x010bd2ed
                                      0x010bd2f5
                                      0x010bd2fa
                                      0x010bd302
                                      0x010bd303
                                      0x010bd30b
                                      0x010bd30f
                                      0x010bd313
                                      0x010bd318
                                      0x010bd31c
                                      0x010bd320
                                      0x010bd379
                                      0x010bd37d
                                      0x00000000
                                      0x00000000
                                      0x010faffe
                                      0x010fb001
                                      0x010fb011
                                      0x00000000
                                      0x010bd322
                                      0x010bd322
                                      0x010bd330
                                      0x010bd337
                                      0x010bd35d
                                      0x010bd339
                                      0x010bd33f
                                      0x010bd38c
                                      0x010bd38c
                                      0x010bd33f
                                      0x010bd349
                                      0x00000000
                                      0x010bd349

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: 49f11b8ba7614900561b290b37da29e03b5e6d45d4d9f5549567d286dd693890
                                      • Instruction ID: 01ca7915106795081c847da81fbdb27348db44ffbffb728a552f658af70b4f56
                                      • Opcode Fuzzy Hash: 49f11b8ba7614900561b290b37da29e03b5e6d45d4d9f5549567d286dd693890
                                      • Instruction Fuzzy Hash: 07318DB25093059FC351DFA8C9C09AFFBE8EB95A58F00492EF9D483251D635DD04CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01091B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E01091B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E010CBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E010CA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E010CA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = E010A4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                      0x01091b8f
                                      0x01091b9a
                                      0x01091b9c
                                      0x01091b9e
                                      0x01091ba3
                                      0x010e7010
                                      0x010e7010
                                      0x00000000
                                      0x01091ba9
                                      0x01091ba9
                                      0x01091bae
                                      0x00000000
                                      0x01091bc5
                                      0x01091bca
                                      0x01091bcf
                                      0x01091bd0
                                      0x01091bd1
                                      0x01091bd2
                                      0x01091bd6
                                      0x01091bdc
                                      0x01091be0
                                      0x010e6ffc
                                      0x010e7000
                                      0x00000000
                                      0x010e7006
                                      0x010e7009
                                      0x010e7009
                                      0x01091be6
                                      0x01091bec
                                      0x01091c0b
                                      0x01091c0b
                                      0x01091c0c
                                      0x01091c11
                                      0x01091c12
                                      0x01091c15
                                      0x01091c1b
                                      0x01091c1f
                                      0x01091c31
                                      0x01091c33
                                      0x010e7026
                                      0x010e7026
                                      0x01091c21
                                      0x01091c24
                                      0x01091c24
                                      0x01091bee
                                      0x01091bee
                                      0x01091bf2
                                      0x01091c3a
                                      0x01091bf4
                                      0x01091bf4
                                      0x01091c05
                                      0x01091c05
                                      0x01091c09
                                      0x01091c3e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01091c09
                                      0x01091bec
                                      0x01091be0
                                      0x01091bae
                                      0x01091c2e

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: WindowsExcludedProcs
                                      • API String ID: 0-3583428290
                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                      • Instruction ID: a6892c51154d779406853c61e9a3730bf5f9d4b6923e0b4f21944a5cec412133
                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                      • Instruction Fuzzy Hash: 9A2106BA70115EEBDF229A599854F9F7BEDEB40A60F054465FA948B200D630DD01A7E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010AF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                      0x010af71d
                                      0x010af722
                                      0x010af726
                                      0x010f4770
                                      0x010af765
                                      0x010af769
                                      0x010af769
                                      0x010af732
                                      0x010f477a
                                      0x00000000
                                      0x010f477a
                                      0x010af738
                                      0x010af73a
                                      0x010af73c
                                      0x010af73f
                                      0x010af746
                                      0x010af778
                                      0x010af7a9
                                      0x010af7a9
                                      0x010af754
                                      0x010af75a
                                      0x010af75d
                                      0x010af75f
                                      0x010af761
                                      0x010af76f
                                      0x010af771
                                      0x010af771
                                      0x010af76f
                                      0x010af763
                                      0x00000000
                                      0x010af763
                                      0x010af77d
                                      0x010af7a3
                                      0x010af7a5
                                      0x00000000
                                      0x010af7a5
                                      0x010af77f
                                      0x010af782
                                      0x010af784
                                      0x010af786
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010af788
                                      0x010af748
                                      0x010af74d
                                      0x010af78d
                                      0x010af793
                                      0x010af7b7
                                      0x010af7bc
                                      0x00000000
                                      0x010af7bc
                                      0x010af798
                                      0x00000000
                                      0x00000000
                                      0x010af79d
                                      0x010af7b0
                                      0x00000000
                                      0x010af7b0
                                      0x010af79f
                                      0x00000000
                                      0x010af74f
                                      0x010af74f
                                      0x00000000
                                      0x010af74f

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Actx
                                      • API String ID: 0-89312691
                                      • Opcode ID: 0033969b6af1fc757345208403c621e3385c44076766d99b34aeaa3439bbec0b
                                      • Instruction ID: a253e99f387a238d16e084b9f8db977bb13acd17f7abe86389bbbb01d1fb4457
                                      • Opcode Fuzzy Hash: 0033969b6af1fc757345208403c621e3385c44076766d99b34aeaa3439bbec0b
                                      • Instruction Fuzzy Hash: 7111B235304B538BFBB54E9D889073E7ED5BB85664FA4456AE9E2CB391EB70C8408340
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01138DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E01138DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1160d50);
				E010DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01115720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = E010DDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				E010DDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E010DD130(_t34, _t39, _t40);
			}





                                      0x01138df1
                                      0x01138df1
                                      0x01138df1
                                      0x01138df1
                                      0x01138df1
                                      0x01138df1
                                      0x01138df3
                                      0x01138df8
                                      0x01138dfd
                                      0x01138e00
                                      0x01138e0e
                                      0x01138e2a
                                      0x01138e36
                                      0x01138e38
                                      0x01138e3c
                                      0x01138e46
                                      0x01138e46
                                      0x01138e36
                                      0x01138e50
                                      0x01138e56
                                      0x01138e59
                                      0x01138e5c
                                      0x01138e60
                                      0x01138e67
                                      0x01138e6d
                                      0x01138e73
                                      0x01138e74
                                      0x01138eb1
                                      0x01138ebd

                                      Strings
                                      • Critical error detected %lx, xrefs: 01138E21
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Critical error detected %lx
                                      • API String ID: 0-802127002
                                      • Opcode ID: 906dcdda244c7abf6ff83826ce9cde0717c76860c86063a6567a3dcc2abc64a9
                                      • Instruction ID: 1eafe767e32cc48a8ae92de6150db2725c5b5b8ab7a187072a3229179de543fd
                                      • Opcode Fuzzy Hash: 906dcdda244c7abf6ff83826ce9cde0717c76860c86063a6567a3dcc2abc64a9
                                      • Instruction Fuzzy Hash: 8D115775D54348EADF29DFF885057DCBBB1BB54314F20426EE569AB282C3340602CF24
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01155BA5 Relevance: .6, Instructions: 592COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 88%
                                      			E01155BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1161178);
				E010DD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01154C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E010CD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01155542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x11760e8;
								if( *0x11760e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x11760e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E010C9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E010C6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E010CF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E010CF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E010CF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E010CFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E010CFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E010CF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E010CF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01154CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E010DD130(_t427, _t494, _t511);
				}
			}










































































                                      0x01155ba5
                                      0x01155baa
                                      0x01155baf
                                      0x01155bb4
                                      0x01155bb6
                                      0x01155bbc
                                      0x01155bbe
                                      0x01155bc4
                                      0x01155bcd
                                      0x01155bd3
                                      0x01155bd6
                                      0x01155bdc
                                      0x01155be0
                                      0x01155be3
                                      0x01155beb
                                      0x01155bf2
                                      0x01155bf8
                                      0x01155bfe
                                      0x01155c04
                                      0x01155c0e
                                      0x01155c18
                                      0x01155c1f
                                      0x01155c25
                                      0x01155c2a
                                      0x01155c2c
                                      0x01155c32
                                      0x01155c3a
                                      0x01155c3f
                                      0x01155c42
                                      0x01155c48
                                      0x01155c5b
                                      0x01155c5b
                                      0x01155c2c
                                      0x01155cb7
                                      0x01155cb9
                                      0x01155cbf
                                      0x01155cc2
                                      0x01155cca
                                      0x01155ccb
                                      0x01155ccb
                                      0x01155cd1
                                      0x01155cd7
                                      0x01155cda
                                      0x01155ce1
                                      0x01155ce4
                                      0x01155ce7
                                      0x01155ced
                                      0x01155cf3
                                      0x01155cf9
                                      0x01155cff
                                      0x01155d08
                                      0x01155d0a
                                      0x01155d0e
                                      0x01155d10
                                      0x00000000
                                      0x00000000
                                      0x01155d16
                                      0x01155d1a
                                      0x00000000
                                      0x00000000
                                      0x01155d20
                                      0x01155d22
                                      0x01155d25
                                      0x01155d2f
                                      0x01155d2f
                                      0x01155d33
                                      0x01155d3d
                                      0x01155d49
                                      0x01155d4b
                                      0x00000000
                                      0x00000000
                                      0x01155d5a
                                      0x01155d5d
                                      0x01155d60
                                      0x00000000
                                      0x00000000
                                      0x01155d66
                                      0x01155d69
                                      0x00000000
                                      0x00000000
                                      0x01155d6f
                                      0x01155d6f
                                      0x01155d73
                                      0x01155d79
                                      0x01155d7f
                                      0x01155d86
                                      0x01155d95
                                      0x01155d98
                                      0x01155dba
                                      0x01155dcb
                                      0x01155dce
                                      0x01155dd3
                                      0x01155dd6
                                      0x01155dd8
                                      0x01155de6
                                      0x01155dec
                                      0x01155dee
                                      0x01155df1
                                      0x01155df3
                                      0x0115635a
                                      0x0115635a
                                      0x00000000
                                      0x0115635a
                                      0x01155dfe
                                      0x01155e02
                                      0x01155e05
                                      0x01155e07
                                      0x01155e10
                                      0x01155e13
                                      0x01155e1b
                                      0x01155e1c
                                      0x01155e21
                                      0x01155e22
                                      0x01155e23
                                      0x01155e25
                                      0x01155e2a
                                      0x01155e2c
                                      0x01155e2e
                                      0x01155e36
                                      0x01155e39
                                      0x01155e42
                                      0x01155e47
                                      0x01155e4d
                                      0x01155e54
                                      0x01155e54
                                      0x01155e54
                                      0x01155e2e
                                      0x01155e5c
                                      0x01155e5f
                                      0x01155e62
                                      0x01155e64
                                      0x01155e6b
                                      0x01155e70
                                      0x01155e7a
                                      0x01155e7a
                                      0x01155e7a
                                      0x01155e6b
                                      0x01155e7e
                                      0x01155e7f
                                      0x01155e7f
                                      0x01155e81
                                      0x01155e87
                                      0x01155e8b
                                      0x01155e8c
                                      0x01155e8c
                                      0x01155e8c
                                      0x01155e9a
                                      0x01155e9c
                                      0x01155ea2
                                      0x01155ea6
                                      0x01155f50
                                      0x01155f50
                                      0x01155f57
                                      0x01155f66
                                      0x01155f66
                                      0x01155f66
                                      0x01155f68
                                      0x01155f6a
                                      0x011563d0
                                      0x00000000
                                      0x01155f70
                                      0x01155f70
                                      0x01155f91
                                      0x01155f9c
                                      0x01155f9e
                                      0x01155fa4
                                      0x01155fa6
                                      0x0115638c
                                      0x01156392
                                      0x011563a1
                                      0x011563a7
                                      0x011563af
                                      0x011563af
                                      0x011563bd
                                      0x011563d8
                                      0x00000000
                                      0x011563d8
                                      0x01155fac
                                      0x01155fb2
                                      0x01155fb4
                                      0x01155fbd
                                      0x01155fc6
                                      0x01155fce
                                      0x01155fd4
                                      0x01155fdc
                                      0x01155fec
                                      0x01155fed
                                      0x01155fee
                                      0x01155fef
                                      0x01155ff9
                                      0x01155ffa
                                      0x01155ffb
                                      0x01155ffc
                                      0x01156000
                                      0x01156004
                                      0x01156012
                                      0x01156012
                                      0x01156018
                                      0x01156019
                                      0x0115601a
                                      0x0115601b
                                      0x0115601c
                                      0x01156020
                                      0x01156059
                                      0x0115605c
                                      0x01156061
                                      0x01156061
                                      0x01156022
                                      0x01156022
                                      0x01156022
                                      0x01156025
                                      0x0115602a
                                      0x0115602b
                                      0x01156031
                                      0x01156037
                                      0x01156038
                                      0x0115603e
                                      0x01156048
                                      0x01156049
                                      0x0115604a
                                      0x0115604b
                                      0x0115604c
                                      0x0115604d
                                      0x01156053
                                      0x01156054
                                      0x01156054
                                      0x01156062
                                      0x01156065
                                      0x01156067
                                      0x0115606a
                                      0x01156070
                                      0x01156075
                                      0x01156076
                                      0x01156081
                                      0x01156087
                                      0x01156095
                                      0x01156099
                                      0x0115609e
                                      0x011560a4
                                      0x011560ae
                                      0x011560b0
                                      0x011560b3
                                      0x011560b6
                                      0x011560b8
                                      0x011560ba
                                      0x011560ba
                                      0x011560ba
                                      0x011560ba
                                      0x011560be
                                      0x011560c0
                                      0x011560c5
                                      0x011560c5
                                      0x011560c5
                                      0x011560c6
                                      0x011560cd
                                      0x01156114
                                      0x011560cf
                                      0x011560cf
                                      0x011560d4
                                      0x011560d5
                                      0x011560da
                                      0x011560db
                                      0x011560e1
                                      0x011560e2
                                      0x011560e8
                                      0x011560f8
                                      0x011560fd
                                      0x011560fe
                                      0x01156102
                                      0x01156104
                                      0x01156107
                                      0x01156109
                                      0x0115610b
                                      0x0115610b
                                      0x0115610b
                                      0x0115610b
                                      0x0115610f
                                      0x0115610f
                                      0x01156117
                                      0x0115611a
                                      0x0115611f
                                      0x01156125
                                      0x01156134
                                      0x01156139
                                      0x0115613f
                                      0x01156146
                                      0x01156148
                                      0x0115614b
                                      0x0115614d
                                      0x0115614f
                                      0x0115614f
                                      0x0115614f
                                      0x0115614f
                                      0x01156153
                                      0x01156159
                                      0x01156159
                                      0x0115615c
                                      0x01156163
                                      0x01156169
                                      0x0115616c
                                      0x01156172
                                      0x01156181
                                      0x01156186
                                      0x01156187
                                      0x0115618b
                                      0x01156191
                                      0x01156195
                                      0x011561a3
                                      0x011561bb
                                      0x011561c0
                                      0x011561c3
                                      0x011561cc
                                      0x011561d0
                                      0x011561dc
                                      0x011561de
                                      0x011561e1
                                      0x011561e4
                                      0x011561e6
                                      0x011561e8
                                      0x011561e8
                                      0x011561e8
                                      0x011561e8
                                      0x011561e6
                                      0x011561ec
                                      0x011561f3
                                      0x01156203
                                      0x01156209
                                      0x0115620a
                                      0x01156216
                                      0x0115621d
                                      0x01156227
                                      0x01156241
                                      0x01156246
                                      0x0115624c
                                      0x01156257
                                      0x01156259
                                      0x0115625c
                                      0x0115625e
                                      0x01156260
                                      0x01156260
                                      0x01156260
                                      0x01156260
                                      0x0115625e
                                      0x01156264
                                      0x01156267
                                      0x01156269
                                      0x01156315
                                      0x01156315
                                      0x0115631b
                                      0x0115631e
                                      0x01156324
                                      0x01156327
                                      0x0115632f
                                      0x01156330
                                      0x01156333
                                      0x0115633a
                                      0x0115633c
                                      0x01156335
                                      0x01156335
                                      0x01156335
                                      0x0115633f
                                      0x01156342
                                      0x0115634c
                                      0x01156352
                                      0x01156355
                                      0x01156355
                                      0x01156359
                                      0x00000000
                                      0x0115626f
                                      0x01156275
                                      0x01156275
                                      0x01156278
                                      0x0115627e
                                      0x0115627e
                                      0x01156281
                                      0x01156287
                                      0x0115628d
                                      0x01156298
                                      0x0115629c
                                      0x011562a2
                                      0x0115629e
                                      0x0115629e
                                      0x0115629e
                                      0x011562a7
                                      0x011562a7
                                      0x011562aa
                                      0x011562b0
                                      0x011562f0
                                      0x011562f0
                                      0x011562f2
                                      0x011562f8
                                      0x011562fd
                                      0x011562b2
                                      0x011562b2
                                      0x011562b2
                                      0x011562b5
                                      0x011562dd
                                      0x011562e2
                                      0x011562e5
                                      0x011562b7
                                      0x011562b8
                                      0x011562bb
                                      0x011562bd
                                      0x011562c0
                                      0x011562c4
                                      0x011562cd
                                      0x011562cd
                                      0x011562c0
                                      0x011562bb
                                      0x011562b5
                                      0x01156302
                                      0x01156303
                                      0x01156305
                                      0x01156305
                                      0x01156305
                                      0x0115630c
                                      0x0115630c
                                      0x00000000
                                      0x0115627e
                                      0x01156269
                                      0x01155eac
                                      0x01155ebb
                                      0x01155ebe
                                      0x01155ecb
                                      0x01155ecb
                                      0x01155ece
                                      0x01155ece
                                      0x01155ed4
                                      0x01155ed7
                                      0x01155ed9
                                      0x01155edb
                                      0x01155edb
                                      0x01155ee1
                                      0x01155ee1
                                      0x01155ee3
                                      0x01155f20
                                      0x01155f20
                                      0x01155ee5
                                      0x01155ee5
                                      0x01155ee5
                                      0x01155ee8
                                      0x01155f11
                                      0x01155f18
                                      0x01155eea
                                      0x01155eea
                                      0x01155eed
                                      0x01155ef2
                                      0x01155ef8
                                      0x01155efb
                                      0x01155f0a
                                      0x01155f0a
                                      0x01155eed
                                      0x01155ee8
                                      0x01155f22
                                      0x01155f28
                                      0x00000000
                                      0x00000000
                                      0x01155f30
                                      0x01155f31
                                      0x01155f37
                                      0x01155f3a
                                      0x01155f3d
                                      0x01155f44
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01155f46
                                      0x01155f48
                                      0x01155f4d
                                      0x00000000
                                      0x01155f4d
                                      0x01155dda
                                      0x01155ddf
                                      0x00000000
                                      0x01155ddf
                                      0x01155dd8
                                      0x01155da7
                                      0x01155da9
                                      0x01155dac
                                      0x01155dae
                                      0x00000000
                                      0x01155db4
                                      0x01155db4
                                      0x00000000
                                      0x01155db4
                                      0x01155dae
                                      0x01155d88
                                      0x01155d8d
                                      0x01156363
                                      0x01156369
                                      0x0115636a
                                      0x01156370
                                      0x01156372
                                      0x0115637a
                                      0x0115637b
                                      0x0115637d
                                      0x00000000
                                      0x00000000
                                      0x0115637f
                                      0x01156385
                                      0x00000000
                                      0x01156385
                                      0x01155d38
                                      0x01155d3b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01155d3b
                                      0x01155d27
                                      0x01155d29
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01156360
                                      0x00000000
                                      0x01156360
                                      0x01155c10
                                      0x01155c10
                                      0x011563da
                                      0x011563e5
                                      0x011563e5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ce29526cc9205fa11eabf7b535f6b657b04f5c374aa09a3caf63213be9c2935
                                      • Instruction ID: fd1c3cb7bc2d829770872b703ec84bab1bca09268764976b96126c092a169772
                                      • Opcode Fuzzy Hash: 0ce29526cc9205fa11eabf7b535f6b657b04f5c374aa09a3caf63213be9c2935
                                      • Instruction Fuzzy Hash: F9426D71900229CFDBA8CF68C880BA9BBB1FF45304F5581AAD95DEB342D7349985CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A4120 Relevance: .4, Instructions: 444COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E010A4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x117d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E010BF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E010A6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = E010A4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E010A6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M010A45F8))) {
												case 0:
													_v568 = 0x1061078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x10611c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = E010A4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E010CF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E010CF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E010852A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0109EB70(1, 0x11779a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0109AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E010C95D0();
																			L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E010CB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E010C3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E010CB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                      0x010a4128
                                      0x010a4135
                                      0x010a413c
                                      0x010a4141
                                      0x010a4145
                                      0x010a4147
                                      0x010a414e
                                      0x010a4151
                                      0x010a4159
                                      0x010a415c
                                      0x010a4160
                                      0x010a4164
                                      0x010a4168
                                      0x010a416c
                                      0x010a417f
                                      0x010a4181
                                      0x010a446a
                                      0x010a446a
                                      0x010a418c
                                      0x010a4195
                                      0x010a4199
                                      0x010a4432
                                      0x010a4439
                                      0x010a443d
                                      0x010a4442
                                      0x010a4447
                                      0x00000000
                                      0x010a419f
                                      0x010a41a3
                                      0x010a41b1
                                      0x010a41b9
                                      0x010a41bd
                                      0x010a45db
                                      0x010a45db
                                      0x00000000
                                      0x010a41c3
                                      0x010a41c3
                                      0x010a41ce
                                      0x010a41d4
                                      0x010ee138
                                      0x010ee13e
                                      0x010ee169
                                      0x010ee16d
                                      0x010ee19e
                                      0x010ee16f
                                      0x010ee16f
                                      0x010ee175
                                      0x010ee179
                                      0x010ee18f
                                      0x010ee193
                                      0x00000000
                                      0x010ee199
                                      0x00000000
                                      0x010ee199
                                      0x010ee193
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a41da
                                      0x010a41da
                                      0x010a41df
                                      0x010a41e4
                                      0x010a41ec
                                      0x010a4203
                                      0x010a4207
                                      0x010ee1fd
                                      0x010a4222
                                      0x010a4226
                                      0x010ee1f3
                                      0x010ee1f3
                                      0x010a422c
                                      0x010a422c
                                      0x010a4233
                                      0x010ee1ed
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a4239
                                      0x010a4239
                                      0x010a4239
                                      0x010a4239
                                      0x010a4233
                                      0x010a4226
                                      0x010a41ee
                                      0x010a41ee
                                      0x010a41f4
                                      0x010a4575
                                      0x010ee1b1
                                      0x010ee1b1
                                      0x00000000
                                      0x010a457b
                                      0x010a457b
                                      0x010a4582
                                      0x010ee1ab
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a4588
                                      0x010a4588
                                      0x010a458c
                                      0x010ee1c4
                                      0x010ee1c4
                                      0x00000000
                                      0x010a4592
                                      0x010a4592
                                      0x010a4599
                                      0x010ee1be
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a459f
                                      0x010a459f
                                      0x010a45a3
                                      0x010ee1d7
                                      0x010ee1e4
                                      0x00000000
                                      0x010a45a9
                                      0x010a45a9
                                      0x010a45b0
                                      0x010ee1d1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a45b6
                                      0x010a45b6
                                      0x010a45b6
                                      0x00000000
                                      0x010a45b6
                                      0x010a45b0
                                      0x010a45a3
                                      0x010a4599
                                      0x010a458c
                                      0x010a4582
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a41f4
                                      0x010a423e
                                      0x010a4241
                                      0x010a45c0
                                      0x010a45c4
                                      0x00000000
                                      0x010a45ca
                                      0x010a45ca
                                      0x00000000
                                      0x010ee207
                                      0x010ee20f
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a45d1
                                      0x00000000
                                      0x00000000
                                      0x010a45ca
                                      0x00000000
                                      0x010a4247
                                      0x010a4247
                                      0x010a4247
                                      0x010a4249
                                      0x010a4249
                                      0x010a4249
                                      0x010a4251
                                      0x010a4251
                                      0x010a4257
                                      0x010a425f
                                      0x010a426e
                                      0x010a4270
                                      0x010a427a
                                      0x010ee219
                                      0x010ee219
                                      0x010a4280
                                      0x010a4282
                                      0x010a4456
                                      0x010a45ea
                                      0x00000000
                                      0x010a45f0
                                      0x010ee223
                                      0x00000000
                                      0x010ee223
                                      0x010a445c
                                      0x010a445c
                                      0x00000000
                                      0x010a445c
                                      0x00000000
                                      0x010a4288
                                      0x010a428c
                                      0x010ee298
                                      0x010a4292
                                      0x010a4292
                                      0x010a429e
                                      0x010a42a3
                                      0x010a42a7
                                      0x010a42ac
                                      0x010ee22d
                                      0x010a42b2
                                      0x010a42b2
                                      0x010a42b9
                                      0x010a42bc
                                      0x010a42c2
                                      0x010a42ca
                                      0x010a42cd
                                      0x010a42cd
                                      0x010a42d4
                                      0x010a433f
                                      0x010a433f
                                      0x010a42d6
                                      0x010a42d6
                                      0x010a42d9
                                      0x010a42dd
                                      0x010a42eb
                                      0x010ee23a
                                      0x010a42f1
                                      0x010a4305
                                      0x010a430d
                                      0x010a4315
                                      0x010a4318
                                      0x010a431f
                                      0x010a4322
                                      0x010a432e
                                      0x010a433b
                                      0x010a433b
                                      0x00000000
                                      0x010a432e
                                      0x010a42eb
                                      0x010a434c
                                      0x010a434e
                                      0x010a4352
                                      0x010a4359
                                      0x010a435e
                                      0x010a4361
                                      0x010a436e
                                      0x010a438a
                                      0x010a438e
                                      0x010a4396
                                      0x010a439e
                                      0x010a43a1
                                      0x010a43ad
                                      0x010a43bb
                                      0x010a43bb
                                      0x010a43ad
                                      0x010a436e
                                      0x010a43bf
                                      0x010a43c5
                                      0x010a4463
                                      0x010a4463
                                      0x010a43ce
                                      0x010a43d5
                                      0x010a43d9
                                      0x010a43df
                                      0x010a4475
                                      0x010a4479
                                      0x010a4491
                                      0x010a4491
                                      0x010a4479
                                      0x010a43e5
                                      0x010a43eb
                                      0x010a43f4
                                      0x010a43f6
                                      0x010a43f9
                                      0x010a43fc
                                      0x010a43ff
                                      0x010a44e8
                                      0x010a44ed
                                      0x010a44f3
                                      0x010ee247
                                      0x00000000
                                      0x010a44f9
                                      0x010a4504
                                      0x010a4508
                                      0x010a450f
                                      0x010ee269
                                      0x00000000
                                      0x010a4515
                                      0x010a4519
                                      0x010a4531
                                      0x010a4534
                                      0x010a4537
                                      0x010a453e
                                      0x010a4541
                                      0x010a454a
                                      0x010ee255
                                      0x010ee255
                                      0x010ee25b
                                      0x010ee25e
                                      0x010ee261
                                      0x010ee261
                                      0x010a4555
                                      0x010a4559
                                      0x010a455d
                                      0x010ee26d
                                      0x010ee270
                                      0x010ee274
                                      0x010ee27a
                                      0x010ee27d
                                      0x010ee28e
                                      0x010ee28e
                                      0x010a4563
                                      0x010a4563
                                      0x010a4569
                                      0x010a4569
                                      0x00000000
                                      0x010a455d
                                      0x010a450f
                                      0x00000000
                                      0x010a44f3
                                      0x010a43ff
                                      0x010a4405
                                      0x010a4405
                                      0x010a4405
                                      0x010a42ac
                                      0x010a428c
                                      0x010a4282
                                      0x010a4407
                                      0x010a440d
                                      0x010ee2af
                                      0x010ee2af
                                      0x010a4413
                                      0x010a4413
                                      0x00000000
                                      0x010a41d4
                                      0x00000000
                                      0x010a41c3
                                      0x010a41bd
                                      0x010a4415
                                      0x010a4415
                                      0x010a4416
                                      0x010a4417
                                      0x010a4429
                                      0x010a416e
                                      0x010a416e
                                      0x010a4175
                                      0x010a4498
                                      0x010a449f
                                      0x010ee12d
                                      0x00000000
                                      0x010ee133
                                      0x00000000
                                      0x010ee133
                                      0x010a44a5
                                      0x010a44a5
                                      0x010a44aa
                                      0x00000000
                                      0x010a44bb
                                      0x010a44ca
                                      0x010a44d6
                                      0x010a44d7
                                      0x010a44d8
                                      0x010a44e3
                                      0x010a44e3
                                      0x010a44aa
                                      0x010a417b
                                      0x010a417b
                                      0x010a417b
                                      0x00000000
                                      0x010a417b
                                      0x010a4175
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2eb66202a98bb41b4fed53a69b94337f4cdebd769e020404595e0192a8d5ef2d
                                      • Instruction ID: 66e97f7d1c37baf5581803c96ed646c359f53496720c7a076ca0b34f3a30b99f
                                      • Opcode Fuzzy Hash: 2eb66202a98bb41b4fed53a69b94337f4cdebd769e020404595e0192a8d5ef2d
                                      • Instruction Fuzzy Hash: 60F18D746082118FD764CFA9C484A7ABBE1FF88714F88896EF5C6CB251E774D881CB52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E010B20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1178714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E010B2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E010B2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E010858EC(_t240);
									_t221 =  *0x1175cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1175cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E010C4A2C(0x1176e40, 0x10c4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E010A7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1065c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E010BF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E010BF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01107016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L010A2400(_t267 + 0x20);
															}
															L010A2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E010B2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E010A2280(_t134, 0x1178608);
									__eflags =  *0x1176e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0109FFB0(_t198, _t241, 0x1178608);
										__eflags = _t253;
										if(_t253 != 0) {
											L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1176e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1178608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E010B6B90(_t210,  &_v64);
										_t262 =  *0x1178608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E010BE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E010C97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E010C006A(0x1178608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1178608);
												E010CB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1176904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1176e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0109FFB0(_t198, _t240, 0x1178608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E010C00C2(0x1178608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                      0x010b20a0
                                      0x010b20a8
                                      0x010b20ad
                                      0x010b20b3
                                      0x010b20b8
                                      0x010b20c2
                                      0x010b20c7
                                      0x010b20cb
                                      0x010b20d2
                                      0x010b2263
                                      0x010b2266
                                      0x010f5836
                                      0x010f5836
                                      0x00000000
                                      0x010b226c
                                      0x010b226c
                                      0x010b2270
                                      0x010b2274
                                      0x010b20e2
                                      0x010b20e2
                                      0x010b20e6
                                      0x010b20ee
                                      0x010f57dc
                                      0x010f57de
                                      0x010f57ec
                                      0x010f57ec
                                      0x010f57f1
                                      0x010f57f3
                                      0x010f57f8
                                      0x00000000
                                      0x010f57f8
                                      0x010f57e0
                                      0x010f57e4
                                      0x010f57ea
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f57ea
                                      0x010b20f4
                                      0x010b20f4
                                      0x010b20f8
                                      0x010b20f8
                                      0x010b20fc
                                      0x010b2100
                                      0x010b2106
                                      0x010b2201
                                      0x010b2206
                                      0x010b220b
                                      0x010b220e
                                      0x010b22a9
                                      0x010b22ac
                                      0x00000000
                                      0x00000000
                                      0x010b22b2
                                      0x010b22b5
                                      0x010f5801
                                      0x010f5806
                                      0x00000000
                                      0x00000000
                                      0x010f5810
                                      0x010f5815
                                      0x010f5818
                                      0x00000000
                                      0x00000000
                                      0x010f581e
                                      0x010b22bb
                                      0x010b22bb
                                      0x010b2218
                                      0x010b2218
                                      0x010b221c
                                      0x010b2220
                                      0x010b2222
                                      0x010b22c2
                                      0x010b22c4
                                      0x010b22dc
                                      0x010b22dc
                                      0x010b22e1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010b22e7
                                      0x010b22c8
                                      0x010b22cd
                                      0x010b22d3
                                      0x010b22d6
                                      0x010f5823
                                      0x010f5825
                                      0x010f5827
                                      0x00000000
                                      0x00000000
                                      0x010f582d
                                      0x00000000
                                      0x010f582d
                                      0x00000000
                                      0x010b2228
                                      0x010b2228
                                      0x00000000
                                      0x010b2228
                                      0x010b2222
                                      0x010b2214
                                      0x010b2214
                                      0x00000000
                                      0x010b2114
                                      0x010b2114
                                      0x010b2114
                                      0x010b211a
                                      0x010b211c
                                      0x010b2348
                                      0x010b234d
                                      0x010f5840
                                      0x010f5845
                                      0x010f5848
                                      0x010f584e
                                      0x010f584e
                                      0x010f5848
                                      0x010b2353
                                      0x010b2355
                                      0x010b2388
                                      0x010b2388
                                      0x010b2368
                                      0x010b236a
                                      0x010b236c
                                      0x010b238f
                                      0x00000000
                                      0x010b236e
                                      0x010b236e
                                      0x010b218e
                                      0x010b218e
                                      0x010b2191
                                      0x010b2195
                                      0x010f5a03
                                      0x010f5a06
                                      0x010f5a0c
                                      0x010f5a0f
                                      0x010f5a11
                                      0x010f5a13
                                      0x010f5a13
                                      0x010f5a19
                                      0x010f5a1f
                                      0x00000000
                                      0x010b219b
                                      0x010b219b
                                      0x010b21a0
                                      0x010b2282
                                      0x010b2284
                                      0x010b2284
                                      0x010b2284
                                      0x010b2284
                                      0x010b21a6
                                      0x010b21a9
                                      0x010b21ac
                                      0x010b21ae
                                      0x010b21b3
                                      0x010b228b
                                      0x010b2290
                                      0x010b2379
                                      0x010b2296
                                      0x010b2298
                                      0x010b2298
                                      0x010b2290
                                      0x010b21b9
                                      0x010b21be
                                      0x010b22a2
                                      0x010b22a2
                                      0x010b21c4
                                      0x010b21c8
                                      0x010b21cc
                                      0x010b21d0
                                      0x010b21d4
                                      0x010b21de
                                      0x010b21e3
                                      0x010f5a29
                                      0x010f5a2c
                                      0x00000000
                                      0x00000000
                                      0x010f5a3b
                                      0x00000000
                                      0x010b21e9
                                      0x010b21e9
                                      0x010b21e9
                                      0x010b21ee
                                      0x010b21f1
                                      0x010f5a45
                                      0x010f5a4b
                                      0x010f5a52
                                      0x010f5a58
                                      0x010f5a5d
                                      0x010f5a5f
                                      0x010f5a71
                                      0x010f5a61
                                      0x010f5a6a
                                      0x010f5a6a
                                      0x010f5a76
                                      0x010f5a79
                                      0x010f5a7f
                                      0x010f5a83
                                      0x010f5a85
                                      0x010f5a87
                                      0x010f5a87
                                      0x010f5a8c
                                      0x010f5a91
                                      0x010f5a97
                                      0x010f5a9f
                                      0x010f5aa0
                                      0x010f5aa1
                                      0x010f5aa6
                                      0x010f5aab
                                      0x010f5ab1
                                      0x010f5ab3
                                      0x010f5ab9
                                      0x010f5aca
                                      0x010f5ad4
                                      0x010f5ad4
                                      0x010f5ade
                                      0x010f5ade
                                      0x010f5aab
                                      0x010f5a79
                                      0x010f5a52
                                      0x010b21f7
                                      0x010b21f9
                                      0x010b21fe
                                      0x010b21fe
                                      0x010b21e3
                                      0x010b2195
                                      0x010b236c
                                      0x010b2122
                                      0x010b2122
                                      0x010b2124
                                      0x010b2231
                                      0x010b2236
                                      0x010b2236
                                      0x010b2238
                                      0x010b2238
                                      0x010b2240
                                      0x010b2242
                                      0x010b2244
                                      0x010f59fc
                                      0x010b218c
                                      0x010b218c
                                      0x00000000
                                      0x010b218c
                                      0x010b224a
                                      0x010b224f
                                      0x010b2256
                                      0x010b2304
                                      0x010b2309
                                      0x010b230f
                                      0x010b231e
                                      0x010b231e
                                      0x010b231e
                                      0x010b2320
                                      0x010b2325
                                      0x010b232a
                                      0x010b232c
                                      0x010b233e
                                      0x010b233e
                                      0x00000000
                                      0x010b232c
                                      0x010b2311
                                      0x010b2317
                                      0x010b231a
                                      0x010b231c
                                      0x010b2380
                                      0x010b2380
                                      0x010b2380
                                      0x010b2384
                                      0x00000000
                                      0x00000000
                                      0x010b2386
                                      0x00000000
                                      0x010b231c
                                      0x010b225c
                                      0x010b225c
                                      0x00000000
                                      0x010b225c
                                      0x010b212a
                                      0x010b2134
                                      0x010b2138
                                      0x010b213d
                                      0x010f5858
                                      0x010f5863
                                      0x010f5863
                                      0x010f5867
                                      0x010f586a
                                      0x00000000
                                      0x00000000
                                      0x010f586c
                                      0x010f586c
                                      0x010f5871
                                      0x010f5875
                                      0x010f5877
                                      0x010f5997
                                      0x010f599c
                                      0x010f59a1
                                      0x010f59a7
                                      0x010f59a7
                                      0x00000000
                                      0x010f59a7
                                      0x010f587d
                                      0x00000000
                                      0x010f588b
                                      0x010f588b
                                      0x010f5890
                                      0x010f5892
                                      0x010f5894
                                      0x010f5899
                                      0x010f589b
                                      0x010f58a0
                                      0x010f58a0
                                      0x010f58aa
                                      0x010f58b2
                                      0x010f58b6
                                      0x010f58be
                                      0x010f58c6
                                      0x010f58c9
                                      0x010f590d
                                      0x010f5917
                                      0x010f591a
                                      0x010f591c
                                      0x010f5920
                                      0x010f5928
                                      0x010f592a
                                      0x010f592c
                                      0x010f592e
                                      0x010f592e
                                      0x010f58cb
                                      0x010f58cd
                                      0x010f58d8
                                      0x010f58e0
                                      0x010f58f4
                                      0x010f58fe
                                      0x010f58fe
                                      0x010f593a
                                      0x010f593e
                                      0x010f5940
                                      0x010f5942
                                      0x00000000
                                      0x010f5944
                                      0x010f5944
                                      0x010f5949
                                      0x010f594e
                                      0x010f594e
                                      0x010f5953
                                      0x010f595b
                                      0x010f5976
                                      0x010f5976
                                      0x010f597a
                                      0x010f597f
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f5981
                                      0x010f5981
                                      0x010f5981
                                      0x010f5983
                                      0x010f5988
                                      0x010f598d
                                      0x010f5991
                                      0x010f5991
                                      0x00000000
                                      0x010f595d
                                      0x010f595d
                                      0x010f5963
                                      0x010f5965
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f5967
                                      0x010f5967
                                      0x010f596b
                                      0x010f596d
                                      0x00000000
                                      0x00000000
                                      0x010f596f
                                      0x010f5971
                                      0x010f5971
                                      0x010f5974
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f5974
                                      0x00000000
                                      0x010f5967
                                      0x010f595b
                                      0x010f5942
                                      0x010f5863
                                      0x010b2143
                                      0x010b2143
                                      0x010b2149
                                      0x010b214f
                                      0x010b22f1
                                      0x010b22f6
                                      0x00000000
                                      0x010b2173
                                      0x010b2173
                                      0x010b217d
                                      0x010b2181
                                      0x010b2186
                                      0x010f59ae
                                      0x010f59b2
                                      0x010f59b5
                                      0x010f59b7
                                      0x010f59ba
                                      0x010f59cd
                                      0x010f59d1
                                      0x010f59d5
                                      0x010f59d9
                                      0x010f59db
                                      0x00000000
                                      0x00000000
                                      0x010f59dd
                                      0x010f59dd
                                      0x010f59e1
                                      0x010f59e4
                                      0x010f59e7
                                      0x010f59ee
                                      0x010f59ee
                                      0x010f59f3
                                      0x010f59f3
                                      0x00000000
                                      0x010b2186
                                      0x010b214f
                                      0x010b2106
                                      0x010b2266
                                      0x010b20d8
                                      0x010b20da
                                      0x010b20e0
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28fa8e79c3361cb47a7626d51af0238b7826229779f5a3b4adb3cc8971368a93
                                      • Instruction ID: b715d822851df0a41cebfaa5d5856e26df7af363b1b802b03f41f41e64fed0e4
                                      • Opcode Fuzzy Hash: 28fa8e79c3361cb47a7626d51af0238b7826229779f5a3b4adb3cc8971368a93
                                      • Instruction Fuzzy Hash: 2EF1F3316083019FE76ACF2CC8817AE7BE1AF95714F04896DEAD59B381D734E841CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B65A0 Relevance: .4, Instructions: 368COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 91%
                                      			E010B65A0(signed int __ecx, unsigned int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v12;
				unsigned int _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v26;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* __ebx;
				signed int _t189;
				signed int _t197;
				signed int _t202;
				signed int _t203;
				unsigned int _t205;
				signed int _t206;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				intOrPtr _t227;
				signed int _t229;
				signed int* _t240;
				signed int _t251;
				signed int _t253;
				signed int _t256;
				signed int _t259;
				signed int _t264;
				signed int _t267;
				signed int _t271;
				intOrPtr _t278;
				intOrPtr _t279;
				signed int _t280;
				signed short _t283;
				signed int _t285;
				signed int _t290;
				signed char _t294;
				signed int _t295;
				intOrPtr _t296;
				intOrPtr* _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t311;
				signed int _t319;
				void* _t323;
				unsigned int _t325;
				signed int _t330;
				signed int _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				intOrPtr _t336;
				intOrPtr _t337;
				signed int _t343;
				signed int _t344;
				unsigned int _t345;
				signed int _t346;
				signed int _t347;
				unsigned int _t348;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed int _t367;
				intOrPtr* _t369;
				unsigned int _t371;
				signed int _t372;
				signed int _t376;

				_t325 = __edx;
				_t278 = _a16;
				_t189 =  *(_t278 + 2) & 0x000000ff;
				_t358 = __ecx;
				_t285 =  *(__edx + 0x1b) & 0x000000ff;
				_v16 = __edx;
				_v24 = __ecx;
				_v20 =  *((intOrPtr*)(__edx + 0x10));
				if(_t285 != 0) {
					_v12 =  *((intOrPtr*)(__ecx + 0x5c4 + _t189 * 4)) + 0xffffff98 + _t285 * 0x68;
				} else {
					_v12 =  *((intOrPtr*)(__ecx + 0x3c0 + _t189 * 4));
				}
				_t195 =  *(_t278 + 3) >> 0x00000001 & 0x00000003;
				if(( *(_t278 + 3) >> 0x00000001 & 0x00000003) != 0) {
					_t279 = _a12;
					_t197 = E011456B6(_t358, _t325, _a4, _t195 & 0x000000ff, _a8, _t279, _t278);
					__eflags = _t197;
					if(_t197 == 0) {
						_t325 = _v16;
						goto L4;
					}
				} else {
					_t279 = _a12;
					L4:
					_t290 = _a8 + 8;
					_v40 = _t290;
					_v28 = _t290 >> 0x00000003 & 0x0000ffff;
					 *_a4 = _t325;
					_t202 = _t279 - 0x20;
					if(_t290 == 0x20) {
						_t203 = _t202 >> 5;
					} else {
						_t203 = _t202 / _t290;
					}
					_t280 = 0;
					_v8 = 0;
					_t330 = (_t203 + 0x0000001f >> 0x00000003 & 0x1ffffffc) + 0x00000020 & 0xfffffff8;
					_t205 = _a4 + _t330;
					_v44 = _t330;
					_t333 =  *0x117874c; // 0x52d1df8b
					_v32 = _t333;
					if(_t290 + _t205 <= _a12 + _a4) {
						_t376 = _a8 + 8;
						_v36 = _t376 << 0xd;
						_t367 = _t205 - _a4 << 0xd;
						do {
							_t283 = _v8;
							_t319 = _t205 >> 0x00000003 ^  *(_v24 + 0xc) ^ _t367;
							_t367 = _t367 + _v36;
							 *_t205 = _t319 ^ _t333;
							_t280 = _t283 + 1;
							_v8 = _t280;
							 *(_t205 + 4) = (_t283 & 0x0000ffff) << 0x00000008 |  *(_t205 + 4) & 0xff0000ff;
							 *((char*)(_t205 + 7)) = 0x80;
							_t205 = _t205 + _t376;
							_t323 = _t376 + _t205;
							_t376 = _v40;
							_t333 = _v32;
						} while (_t323 <= _a4 + _a12);
						_t358 = _v24;
					}
					_t206 = _a4;
					 *(_t206 + 0x14) = _t280;
					 *((intOrPtr*)(_t206 + 0x18)) = _t206 + 0x1c;
					_t51 = _t280 + 7; // 0x7
					E010CFA60(_t206 + 0x1c, 0, _t51 >> 3);
					_t294 = _t280 & 0x0000001f;
					if(_t294 != 0) {
						 *(_a4 + (_t280 >> 5) * 4 + 0x1c) =  *(_a4 + (_t280 >> 5) * 4 + 0x1c) |  !((1 << _t294) - 1);
					}
					_t334 = _v16;
					_t295 = _a4;
					 *((short*)(_t334 + 0x14)) = _v28;
					 *_t334 = _v12;
					 *(_t334 + 0x18) = _t280;
					 *((char*)(_t334 + 0x1a)) =  *((intOrPtr*)(_a16 + 2));
					 *((short*)(_t334 + 0x16)) = 0;
					 *(_t334 + 4) = _t295;
					 *((intOrPtr*)(_t334 + 8)) = 0;
					 *((intOrPtr*)(_t334 + 0xc)) = 0;
					_t335 = _v12;
					_v26 = _v28 << 3;
					_v28 = _v44;
					 *(_t295 + 0x10) = _v32 ^ _v28 ^ _t358 ^ _t295;
					if( *((intOrPtr*)(_t335 + 0x54)) == 0) {
						_t296 =  *_t335;
						_t223 =  *(_t296 + 0x14);
						__eflags = _t223 - 0x20;
						if(__eflags < 0) {
							_t224 = _t223 + 4;
							__eflags = _t224;
							goto L32;
						}
						goto L29;
					} else {
						 *((short*)(_t335 + 0x60)) =  *((short*)(_t335 + 0x60)) + 1;
						if( *((short*)(_t335 + 0x60)) > 0x1c) {
							_t296 =  *_t335;
							_t271 =  *(_t296 + 0x14);
							__eflags = _t271;
							if(__eflags != 0) {
								_t224 = _t271 + 0xfffffffc;
								L32:
								 *(_t296 + 0x14) = _t224;
							}
							L29:
							 *((short*)(_t335 + 0x60)) = 0;
						}
					}
					_t369 = _t335 + 0x50;
					do {
						_t226 =  *_t369;
						_t359 =  *((intOrPtr*)(_t369 + 4));
						_v40 = _t226;
						_v44 = _t226 + _t280;
						if(_t280 <= 0) {
						}
						_t336 = _t359;
						asm("lock cmpxchg8b [esi]");
						_t280 = _v8;
					} while (_t226 != _v40 || _t336 != _t359);
					_t299 = _v12;
					_t337 =  *[fs:0x18];
					_t227 =  *_t299;
					 *((intOrPtr*)(_t227 + 0x10)) =  *((intOrPtr*)(_t227 + 0x10)) + 1;
					 *((intOrPtr*)(_t299 + 0x58)) =  *((intOrPtr*)(_t227 + 0x10));
					_t229 =  *(_t337 + 0xfaa) & 0x0000ffff;
					_t300 = _t229 + 0x00000001 & 0x000000ff;
					 *(_t337 + 0xfaa) = _t300 + 0x00000001 & 0x000000ff;
					_t302 = _t280;
					_v32 = ( *(_t229 + 0x1176120) & 0x000000ff | ( *(_t300 + 0x1176120) & 0x000000ff) << 0x00000007 & 0x0000ffff) % _t302 << 0x10;
					_t341 = _v16;
					_v32 = _t302;
					_t303 = _v32;
					 *((intOrPtr*)(_v16 + 0x1c)) = 1;
					asm("lock cmpxchg [esi], ecx");
					if(( *0x11784b4 & 0x00000002) == 0) {
						_t394 =  *0x11784b8;
						_t371 =  *( *[fs:0x18] + 0xfaa) & 0xff;
						_v32 = _t371;
						if( *0x11784b8 == 0) {
							_push(0);
							_push(4);
							_push(0x11784b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E010C9670();
							if(__eflags < 0) {
								_t363 =  *0x7ffe0004;
								_v44 = _t363;
								__eflags = _t363 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0324;
									while(1) {
										_t311 =  *_t280;
										_t346 =  *0x7ffe0320;
										__eflags = _t311 -  *0x7ffe0328;
										if(_t311 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t264 = _t346;
									_t347 = _t264 * _v44 >> 0x20;
									_t303 = (_t311 << 8) * _v44;
									_t341 = _t347 >> 0x18;
									_t267 = ((_t347 << 0x00000020 | _t264 * _v44) >> 0x18) + (_t311 << 8) * _v44;
									__eflags = _t267;
								} else {
									_t348 =  *0x7ffe0320 * _t363 >> 0x20;
									_t267 = (_t348 << 0x00000020 | 0x7ffe0320 * _t363) >> 0x18;
									_t341 = _t348 >> 0x18;
								}
								 *0x11784b8 = _t267;
							}
						}
						_t251 = E010B5720(_t303, _t341, _t394, 0x11784b8);
						_t395 =  *0x11784b8;
						_t361 = _t251;
						_v40 = _t361;
						if( *0x11784b8 == 0) {
							_push(0);
							_push(4);
							_push(0x11784b8);
							_push(0x24);
							_push(0xffffffff);
							__eflags = E010C9670();
							if(__eflags < 0) {
								_t280 =  *0x7ffe0004;
								_v44 = _t280;
								__eflags = _t280 - 0x1000000;
								if(__eflags < 0) {
									_t280 = 0x7ffe0320;
									while(1) {
										_t309 =  *0x7ffe0324;
										_t343 =  *_t280;
										__eflags = _t309 -  *0x7ffe0328;
										if(_t309 ==  *0x7ffe0328) {
											break;
										}
										asm("pause");
									}
									_t371 = _v32;
									_t256 = _t343;
									_t344 = _t256 * _v44 >> 0x20;
									_t361 = _v40;
									_t303 = (_t309 << 8) * _v44;
									_t341 = _t344 >> 0x18;
									_t259 = ((_t344 << 0x00000020 | _t256 * _v44) >> 0x18) + (_t309 << 8) * _v44;
									__eflags = _t259;
								} else {
									_t345 =  *0x7ffe0320 * _t280 >> 0x20;
									_t259 = (_t345 << 0x00000020 | 0x7ffe0320 * _t280) >> 0x18;
									_t341 = _t345 >> 0x18;
								}
								 *0x11784b8 = _t259;
							}
							L58:
						}
						_t253 = E010B5720(_t303, _t341, _t395, 0x11784b8);
						_t341 = _v16;
						_t372 = _t371 >> 3;
						 *(0x1176120 + _t372 * 8) = _t253 & 0x7f7f7f7f;
						 *(0x1176124 + _t372 * 8) = _t361 & 0x7f7f7f7f;
					}
					_t240 =  *( *[fs:0x30] + 0x50);
					if(_t240 != 0) {
						__eflags =  *_t240;
						if( *_t240 == 0) {
							goto L24;
						} else {
							_t197 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
							goto L25;
						}
						goto L58;
					} else {
						L24:
						_t197 = 0x7ffe0380;
					}
					L25:
					if( *_t197 != 0) {
						_t197 =  *[fs:0x30];
						__eflags =  *(_t197 + 0x240) & 0x00000001;
						if(( *(_t197 + 0x240) & 0x00000001) != 0) {
							return E01141A5F(_t280,  *(_v24 + 0xc),  *((intOrPtr*)(_t341 + 4)),  *(_t341 + 0x14) & 0x0000ffff,  *(_t341 + 0x18) & 0x0000ffff,  *(_t341 + 0x1b) & 0x000000ff);
						}
					}
				}
				return _t197;
				goto L58;
			}








































































                                      0x010b65a0
                                      0x010b65a9
                                      0x010b65b1
                                      0x010b65b5
                                      0x010b65b7
                                      0x010b65bb
                                      0x010b65be
                                      0x010b65c1
                                      0x010b65c6
                                      0x010b68b5
                                      0x010b65cc
                                      0x010b65d3
                                      0x010b65d3
                                      0x010b65db
                                      0x010b65dd
                                      0x010f7d05
                                      0x010f7d13
                                      0x010f7d18
                                      0x010f7d1a
                                      0x010f7d20
                                      0x00000000
                                      0x010f7d20
                                      0x010b65e3
                                      0x010b65e3
                                      0x010b65e6
                                      0x010b65e9
                                      0x010b65ee
                                      0x010b65f7
                                      0x010b65fd
                                      0x010b65ff
                                      0x010b6605
                                      0x010b6889
                                      0x010b660b
                                      0x010b660d
                                      0x010b660d
                                      0x010b6612
                                      0x010b6620
                                      0x010b6626
                                      0x010b6629
                                      0x010b662b
                                      0x010b6638
                                      0x010b663e
                                      0x010b6641
                                      0x010b664b
                                      0x010b6653
                                      0x010b6656
                                      0x010b6660
                                      0x010b666b
                                      0x010b666e
                                      0x010b6670
                                      0x010b6675
                                      0x010b6686
                                      0x010b6689
                                      0x010b668c
                                      0x010b6695
                                      0x010b6699
                                      0x010b669b
                                      0x010b669e
                                      0x010b66a3
                                      0x010b66a3
                                      0x010b66a8
                                      0x010b66a8
                                      0x010b66ab
                                      0x010b66b1
                                      0x010b66b4
                                      0x010b66b7
                                      0x010b66c1
                                      0x010b66cb
                                      0x010b66ce
                                      0x010b66e5
                                      0x010b66e5
                                      0x010b66e8
                                      0x010b66ee
                                      0x010b66f1
                                      0x010b66f8
                                      0x010b66fd
                                      0x010b6704
                                      0x010b6709
                                      0x010b670d
                                      0x010b6710
                                      0x010b6713
                                      0x010b6719
                                      0x010b671f
                                      0x010b6726
                                      0x010b6734
                                      0x010b673c
                                      0x010b6891
                                      0x010b6893
                                      0x010b6896
                                      0x010b6899
                                      0x010b68bd
                                      0x010b68bd
                                      0x00000000
                                      0x010b68bd
                                      0x00000000
                                      0x010b6742
                                      0x010b6742
                                      0x010b674b
                                      0x010b68c5
                                      0x010b68c7
                                      0x010b68ca
                                      0x010b68cc
                                      0x010b68ce
                                      0x010b68c0
                                      0x010b68c0
                                      0x010b68c0
                                      0x010b689b
                                      0x010b689d
                                      0x010b689d
                                      0x010b674b
                                      0x010b6751
                                      0x010b6754
                                      0x010b6754
                                      0x010b6756
                                      0x010b6759
                                      0x010b675f
                                      0x010b6764
                                      0x010b6764
                                      0x010b676d
                                      0x010b6772
                                      0x010b6776
                                      0x010b6779
                                      0x010b6782
                                      0x010b6785
                                      0x010b678c
                                      0x010b678e
                                      0x010b6794
                                      0x010b6797
                                      0x010b67a1
                                      0x010b67aa
                                      0x010b67ca
                                      0x010b67d4
                                      0x010b67d7
                                      0x010b67da
                                      0x010b67de
                                      0x010b67e1
                                      0x010b67eb
                                      0x010b67f6
                                      0x010b67fe
                                      0x010b680c
                                      0x010b680f
                                      0x010b6812
                                      0x010f7d30
                                      0x010f7d32
                                      0x010f7d34
                                      0x010f7d39
                                      0x010f7d3b
                                      0x010f7d42
                                      0x010f7d44
                                      0x010f7d4a
                                      0x010f7d50
                                      0x010f7d53
                                      0x010f7d59
                                      0x010f7d6d
                                      0x010f7d7c
                                      0x010f7d7c
                                      0x010f7d7e
                                      0x010f7d82
                                      0x010f7d84
                                      0x00000000
                                      0x00000000
                                      0x010f7d86
                                      0x010f7d86
                                      0x010f7d8a
                                      0x010f7d8d
                                      0x010f7d8f
                                      0x010f7d95
                                      0x010f7d9d
                                      0x010f7da0
                                      0x010f7da0
                                      0x010f7d5b
                                      0x010f7d62
                                      0x010f7d64
                                      0x010f7d68
                                      0x010f7d68
                                      0x010f7da2
                                      0x010f7da2
                                      0x010f7d44
                                      0x010b681d
                                      0x010b6822
                                      0x010b6829
                                      0x010b682b
                                      0x010b682e
                                      0x010f7dac
                                      0x010f7dae
                                      0x010f7db0
                                      0x010f7db5
                                      0x010f7db7
                                      0x010f7dbe
                                      0x010f7dc0
                                      0x010f7dc6
                                      0x010f7dcc
                                      0x010f7dcf
                                      0x010f7dd5
                                      0x010f7dee
                                      0x010f7df8
                                      0x010f7df8
                                      0x010f7dfa
                                      0x010f7dfe
                                      0x010f7e00
                                      0x00000000
                                      0x00000000
                                      0x010f7e02
                                      0x010f7e02
                                      0x010f7e06
                                      0x010f7e09
                                      0x010f7e0b
                                      0x010f7e0e
                                      0x010f7e14
                                      0x010f7e1c
                                      0x010f7e1f
                                      0x010f7e1f
                                      0x010f7dd7
                                      0x010f7dde
                                      0x010f7de0
                                      0x010f7de4
                                      0x010f7de4
                                      0x010f7e21
                                      0x010f7e21
                                      0x00000000
                                      0x010f7dc0
                                      0x010b6839
                                      0x010b683e
                                      0x010b6850
                                      0x010b6853
                                      0x010b685a
                                      0x010b685a
                                      0x010b6867
                                      0x010b686c
                                      0x010f7e2b
                                      0x010f7e2e
                                      0x00000000
                                      0x010f7e34
                                      0x010f7e3d
                                      0x00000000
                                      0x010f7e3d
                                      0x00000000
                                      0x010b6872
                                      0x010b6872
                                      0x010b6872
                                      0x010b6872
                                      0x010b6877
                                      0x010b687a
                                      0x010f7e47
                                      0x010f7e4d
                                      0x010f7e54
                                      0x00000000
                                      0x010f7e75
                                      0x010f7e54
                                      0x010b687a
                                      0x010b6886
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 06d3bcb3628fae45a27030ae4342526211b338bda694211ed73b706563a1c2c5
                                      • Instruction ID: 3113ef94aa3f5cbdbdb41b2b32e8d35cbaa0434d76add876061fae6d6bddcded
                                      • Opcode Fuzzy Hash: 06d3bcb3628fae45a27030ae4342526211b338bda694211ed73b706563a1c2c5
                                      • Instruction Fuzzy Hash: EDE16F75A00205CFDB58CF59C880AADBBF1FF48310F5481ADE996AB395D734E981CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AB236 Relevance: .3, Instructions: 305COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E010AB236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E010AB477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E0112CB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E010B0678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E010C9660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E010C9660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E010C9660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E010B174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E010B138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E010A7D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E0114138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E010A7D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01141582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E010A7D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E010A7D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E01141582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E010A7D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E0113FEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E0113FA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E010A99BF(__ecx, _t87,  &_v16, 0);
					E010AA830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E0113FA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}






































                                      0x010ab23f
                                      0x010ab246
                                      0x010ab249
                                      0x010ab24b
                                      0x010ab251
                                      0x010ab258
                                      0x010ab262
                                      0x010ab2b2
                                      0x010ab2b6
                                      0x010ab456
                                      0x010ab456
                                      0x010ab45a
                                      0x010f2912
                                      0x010f2914
                                      0x010f2916
                                      0x00000000
                                      0x00000000
                                      0x010f291f
                                      0x010f2921
                                      0x00000000
                                      0x00000000
                                      0x010f2927
                                      0x00000000
                                      0x010f2927
                                      0x010ab460
                                      0x010ab460
                                      0x010ab462
                                      0x010ab464
                                      0x010f292e
                                      0x010f2931
                                      0x010f293f
                                      0x010f2945
                                      0x010f2945
                                      0x010f2931
                                      0x00000000
                                      0x010ab464
                                      0x010ab2bc
                                      0x010ab2bf
                                      0x010ab2c5
                                      0x010ab2c8
                                      0x010ab2ca
                                      0x010f27af
                                      0x010f27af
                                      0x010ab2d0
                                      0x010ab2d7
                                      0x010ab437
                                      0x010ab2dd
                                      0x010ab2dd
                                      0x010ab2dd
                                      0x010ab2e3
                                      0x010ab2e5
                                      0x010ab43e
                                      0x010ab443
                                      0x010f27b6
                                      0x010f27b6
                                      0x010ab443
                                      0x010ab2f5
                                      0x010ab2fa
                                      0x010ab2fd
                                      0x010ab2ff
                                      0x010ab46f
                                      0x010ab46f
                                      0x010ab30a
                                      0x010ab30f
                                      0x010ab310
                                      0x010ab315
                                      0x010ab31b
                                      0x010ab31c
                                      0x010ab321
                                      0x010ab322
                                      0x010ab329
                                      0x010ab32b
                                      0x010ab32d
                                      0x010f27c2
                                      0x010f27c2
                                      0x010f27c5
                                      0x010f27c7
                                      0x00000000
                                      0x00000000
                                      0x010f27c9
                                      0x010f27cb
                                      0x010f27ce
                                      0x010f27d0
                                      0x010f27d2
                                      0x010f27d2
                                      0x010f27d5
                                      0x010f27db
                                      0x010f27e0
                                      0x010f27e1
                                      0x010f27e6
                                      0x010f27e7
                                      0x010f27ee
                                      0x010f27f0
                                      0x010f27f2
                                      0x00000000
                                      0x010f27f4
                                      0x010f27f4
                                      0x00000000
                                      0x010f27f4
                                      0x010f27f2
                                      0x010f27f7
                                      0x010f27f9
                                      0x00000000
                                      0x00000000
                                      0x010f27ff
                                      0x00000000
                                      0x010ab333
                                      0x010ab333
                                      0x010ab336
                                      0x010ab336
                                      0x010ab33c
                                      0x010ab341
                                      0x010ab344
                                      0x010ab44e
                                      0x010ab44e
                                      0x010ab34a
                                      0x010ab34d
                                      0x010ab353
                                      0x010ab358
                                      0x010ab359
                                      0x010ab35e
                                      0x010ab35f
                                      0x010ab366
                                      0x010ab368
                                      0x010ab36a
                                      0x010f28f2
                                      0x010f28fe
                                      0x010f2903
                                      0x010f2903
                                      0x00000000
                                      0x010ab370
                                      0x010ab38c
                                      0x010ab391
                                      0x010ab393
                                      0x010f280a
                                      0x010f280a
                                      0x010ab399
                                      0x010ab39b
                                      0x00000000
                                      0x010ab3a1
                                      0x010ab3a1
                                      0x010ab3a6
                                      0x010ab3b0
                                      0x010ab3b2
                                      0x010f281d
                                      0x010ab3b8
                                      0x010ab3b8
                                      0x010ab3b8
                                      0x010ab3ba
                                      0x010ab3bd
                                      0x010f2824
                                      0x010f282a
                                      0x010f2831
                                      0x010f2841
                                      0x010f284b
                                      0x010f284d
                                      0x010f2858
                                      0x010f2858
                                      0x010f2858
                                      0x010f2870
                                      0x010f2870
                                      0x010f2831
                                      0x010ab3c3
                                      0x010ab3c8
                                      0x010ab3d2
                                      0x010ab3d4
                                      0x010f2883
                                      0x010ab3da
                                      0x010ab3da
                                      0x010ab3da
                                      0x010ab3dc
                                      0x010ab3df
                                      0x010f288f
                                      0x010f2891
                                      0x010f289c
                                      0x010f289c
                                      0x010f289c
                                      0x010f28b4
                                      0x010f28b4
                                      0x010ab3e5
                                      0x010ab3ea
                                      0x010ab3ec
                                      0x010f28c7
                                      0x010ab3f2
                                      0x010ab3f2
                                      0x010ab3f2
                                      0x010ab3f7
                                      0x010ab3fa
                                      0x010f28d9
                                      0x010f28d9
                                      0x010ab400
                                      0x010ab407
                                      0x010ab40a
                                      0x010ab40f
                                      0x010ab413
                                      0x010ab41f
                                      0x010ab424
                                      0x010ab426
                                      0x010f28e3
                                      0x010f28e8
                                      0x010f28e8
                                      0x010ab426
                                      0x010ab42f
                                      0x00000000
                                      0x010ab42f
                                      0x010ab39b
                                      0x010ab36a
                                      0x010ab264
                                      0x010ab264
                                      0x010ab279
                                      0x010ab27f
                                      0x010ab287
                                      0x010ab28c
                                      0x010ab290
                                      0x010ab29c
                                      0x010ab2a3
                                      0x010f27a0
                                      0x010f27a5
                                      0x010f27a5
                                      0x010ab2a3
                                      0x010ab2a9
                                      0x010ab2b1
                                      0x010ab2b1

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                      • Instruction ID: f91eba9656bd23e9a964d2fb5e703f16158ea39b45b13ea7f743f244f7d21b93
                                      • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                      • Instruction Fuzzy Hash: 1AB1B331B006069FDB15DBA9C891BBEBBF5EF84704F5441A9E682DB781DB30D941CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109849B Relevance: .3, Instructions: 290COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E0109849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x115f9c0);
				E010DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1177b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0109CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E010A2280( *[fs:0x30], 0x1178550);
						_t139 =  *0x1177b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E010BF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0109FFB0(_t193, _t235, 0x1178550);
								L5:
								return E010DD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01081C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1177b9c; // 0x0
							_t235 = E010A4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1177b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E010BA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0109FFB0(_t193, _t235, 0x1178550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L010A77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L010A77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1177b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1177b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E010C37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1177b9c; // 0x0
									_t214 = E010A4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E010C37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1177b10 =  *0x1177b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1177b04 =  *0x1177b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L010A77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L010A77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1177b08 =  *0x1177b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E010C57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E010CF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L010A77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E010BA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L010A77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E010C96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                      0x0109849b
                                      0x0109849b
                                      0x0109849b
                                      0x0109849b
                                      0x0109849d
                                      0x010984a2
                                      0x010984a7
                                      0x010984b1
                                      0x010984d8
                                      0x00000000
                                      0x010984b3
                                      0x010984c4
                                      0x010984c9
                                      0x010984cd
                                      0x010984cf
                                      0x010984cf
                                      0x010984d6
                                      0x010984e6
                                      0x010984e9
                                      0x010984ec
                                      0x010984ef
                                      0x010984f2
                                      0x010984f4
                                      0x010984fc
                                      0x01098501
                                      0x01098506
                                      0x01098509
                                      0x010986e0
                                      0x010986e5
                                      0x010986e8
                                      0x010986ed
                                      0x010986f0
                                      0x010986f2
                                      0x010e9afd
                                      0x010e9b02
                                      0x010984da
                                      0x010984df
                                      0x010984df
                                      0x010986fa
                                      0x010986fd
                                      0x010986fe
                                      0x01098701
                                      0x01098706
                                      0x01098709
                                      0x0109870b
                                      0x00000000
                                      0x00000000
                                      0x01098711
                                      0x01098725
                                      0x01098727
                                      0x0109872a
                                      0x0109872c
                                      0x010e9af0
                                      0x010e9af5
                                      0x01098732
                                      0x01098732
                                      0x01098732
                                      0x01098735
                                      0x01098737
                                      0x01098515
                                      0x01098515
                                      0x01098518
                                      0x0109851d
                                      0x01098523
                                      0x01098527
                                      0x0109852b
                                      0x01098537
                                      0x01098539
                                      0x0109853c
                                      0x0109853e
                                      0x0109868c
                                      0x01098691
                                      0x01098699
                                      0x0109869b
                                      0x01098744
                                      0x01098748
                                      0x010986a1
                                      0x010986a1
                                      0x010986a1
                                      0x010986a4
                                      0x010986a8
                                      0x010e9bdf
                                      0x010e9bdf
                                      0x010986ae
                                      0x010986b0
                                      0x00000000
                                      0x010986b6
                                      0x00000000
                                      0x010e9be9
                                      0x010986b0
                                      0x01098544
                                      0x0109854a
                                      0x0109854d
                                      0x01098551
                                      0x0109876e
                                      0x01098778
                                      0x0109877b
                                      0x01098780
                                      0x01098557
                                      0x01098557
                                      0x0109855d
                                      0x0109855d
                                      0x0109856b
                                      0x0109856e
                                      0x01098570
                                      0x01098573
                                      0x01098576
                                      0x01098576
                                      0x01098579
                                      0x0109857b
                                      0x00000000
                                      0x00000000
                                      0x01098581
                                      0x010985a0
                                      0x010985a2
                                      0x010985a5
                                      0x010985a7
                                      0x010e9b1b
                                      0x010e9b1b
                                      0x0109862e
                                      0x0109862e
                                      0x01098631
                                      0x01098631
                                      0x01098634
                                      0x01098636
                                      0x01098669
                                      0x01098669
                                      0x0109866b
                                      0x010e9bbf
                                      0x010e9bc4
                                      0x010e9bc8
                                      0x010e9bce
                                      0x010e9bce
                                      0x01098671
                                      0x01098671
                                      0x01098674
                                      0x01098676
                                      0x010e9bae
                                      0x010e9bae
                                      0x01098676
                                      0x0109867c
                                      0x0109867e
                                      0x01098688
                                      0x01098688
                                      0x00000000
                                      0x0109867e
                                      0x01098638
                                      0x01098638
                                      0x0109863b
                                      0x0109863e
                                      0x0109863f
                                      0x01098642
                                      0x01098645
                                      0x01098648
                                      0x0109864d
                                      0x010e9b69
                                      0x010e9b6e
                                      0x010e9b7b
                                      0x010e9b81
                                      0x010e9b85
                                      0x010e9b89
                                      0x010e9ba7
                                      0x010e9b8b
                                      0x010e9b91
                                      0x010e9b9a
                                      0x010e9b9f
                                      0x010e9b9f
                                      0x01098788
                                      0x0109878d
                                      0x01098763
                                      0x01098763
                                      0x01098766
                                      0x00000000
                                      0x01098766
                                      0x010e9b70
                                      0x00000000
                                      0x010e9b70
                                      0x01098656
                                      0x0109865a
                                      0x0109865c
                                      0x01098752
                                      0x01098756
                                      0x00000000
                                      0x00000000
                                      0x0109875e
                                      0x00000000
                                      0x0109875e
                                      0x01098662
                                      0x01098662
                                      0x01098662
                                      0x01098666
                                      0x00000000
                                      0x01098666
                                      0x010985b7
                                      0x010985b9
                                      0x010985bc
                                      0x010985bf
                                      0x010985cc
                                      0x010985d1
                                      0x010985d4
                                      0x010985db
                                      0x010985de
                                      0x010985e0
                                      0x010e9b5f
                                      0x00000000
                                      0x010e9b5f
                                      0x010985e6
                                      0x010985ea
                                      0x010986c3
                                      0x010986c5
                                      0x010986c8
                                      0x010986ca
                                      0x010e9b16
                                      0x00000000
                                      0x010e9b16
                                      0x010986d6
                                      0x010985f6
                                      0x010985f6
                                      0x010985f9
                                      0x01098602
                                      0x01098606
                                      0x0109860a
                                      0x0109860b
                                      0x0109860e
                                      0x01098611
                                      0x00000000
                                      0x01098611
                                      0x010985f3
                                      0x00000000
                                      0x010985f3
                                      0x01098619
                                      0x0109861e
                                      0x0109861e
                                      0x01098621
                                      0x01098622
                                      0x01098623
                                      0x01098625
                                      0x0109862c
                                      0x00000000
                                      0x0109873d
                                      0x00000000
                                      0x0109873d
                                      0x01098737
                                      0x0109850f
                                      0x01098512
                                      0x00000000
                                      0x01098512
                                      0x00000000
                                      0x010984d6

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d7f2738fe8db9aca077da33d3f7ae0528ab23d798b1d3cfe4467d4a22fcbc63
                                      • Instruction ID: 87800590900f36d34c5ef29fb2a50b3877f72e0c93902f5d471f47de4cb10553
                                      • Opcode Fuzzy Hash: 8d7f2738fe8db9aca077da33d3f7ae0528ab23d798b1d3cfe4467d4a22fcbc63
                                      • Instruction Fuzzy Hash: DEB15A70E0020ADFDF29DFE9C994AADBBF5BF49304F10812AE555AB345D770A841CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B37EB Relevance: .3, Instructions: 269COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E010B37EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t99;
				intOrPtr _t103;
				intOrPtr _t104;
				char* _t114;
				signed short _t124;
				signed int _t125;
				signed int _t130;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t136;
				intOrPtr* _t140;
				intOrPtr* _t142;
				intOrPtr _t152;
				intOrPtr _t154;
				signed int _t155;
				signed int _t156;
				intOrPtr _t157;
				intOrPtr _t160;
				signed short _t164;
				signed short _t165;
				signed int _t174;
				intOrPtr* _t177;
				short _t179;
				intOrPtr _t180;
				intOrPtr* _t182;
				intOrPtr _t183;
				void* _t184;

				_push(0x50);
				_push(0x115ff48);
				E010DD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t184 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t184 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t184 - 0x2c) = __edx & 0x00000001;
				_t99 = E0109B060(__ecx,  *((intOrPtr*)( *[fs:0x30] + 8)));
				if(_t99 == 0) {
					_t179 = 0xc000007b;
					L28:
					return E010DD0D1(_t179);
				}
				_t150 =  *((intOrPtr*)(_t99 + 0x60));
				 *((intOrPtr*)(_t184 - 0x38)) =  *((intOrPtr*)(_t99 + 0x60));
				_t180 =  *((intOrPtr*)(_t99 + 0x64));
				 *((intOrPtr*)(_t184 - 0x30)) = _t180;
				_t103 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t103 != 0) {
					if(_t180 < _t103) {
						 *((intOrPtr*)(_t184 - 0x30)) = _t103;
					}
				}
				_t104 =  *0x11784c4; // 0x0
				_t182 = E010A4620(_t150,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t104 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t184 - 0x20)) = _t182;
				 *((intOrPtr*)(_t184 - 4)) = 0;
				 *((intOrPtr*)(_t184 - 0x40)) = 1;
				if(_t182 == 0) {
					L36:
					_t179 = 0xc0000017;
					 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x11784c4; // 0x0
					_t153 = _t152 + 0xc0000;
					 *((intOrPtr*)(_t184 - 0x48)) = _t152 + 0xc0000;
					_t154 = E010A4620(_t152 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t153,  *0x11784c0 * 0x24);
					 *((intOrPtr*)(_t184 - 0x24)) = _t154;
					if(_t154 == 0) {
						_t179 = 0xc0000017;
						 *((intOrPtr*)(_t184 - 0x1c)) = 0xc0000017;
						_t182 =  *((intOrPtr*)(_t184 - 0x20));
						L24:
						 *((intOrPtr*)(_t184 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t184 - 0x40)) = 0;
						E010B3B5A(_t108, 0, _t179, _t182);
						if(_t179 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x44)))) = _t182;
						if(E010A7D50() != 0) {
							_t114 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t179 =  *((intOrPtr*)(_t184 - 0x1c));
							_t182 =  *((intOrPtr*)(_t184 - 0x20));
						} else {
							_t114 = 0x7ffe0386;
						}
						if( *_t114 != 0) {
							L32:
							E01158BB6(_t182);
						}
						goto L28;
					}
					_t155 = 0;
					 *(_t184 - 0x28) = 0;
					_t183 =  *((intOrPtr*)(_t184 - 0x20));
					_t174 =  *0x11784c0; // 0x1
					while(_t155 < 3) {
						 *((intOrPtr*)(_t183 + 0x10 + _t155 * 4)) = _t174 * _t155 * 0xc +  *((intOrPtr*)(_t184 - 0x24));
						_t155 = _t155 + 1;
						 *(_t184 - 0x28) = _t155;
					}
					_t156 = 0;
					while(1) {
						 *(_t184 - 0x28) = _t156;
						if(_t156 >= _t174 * 3) {
							break;
						}
						_t142 = _t156 * 0xc +  *((intOrPtr*)(_t184 - 0x24));
						 *((intOrPtr*)(_t142 + 8)) = 0;
						 *((intOrPtr*)(_t142 + 4)) = _t142;
						 *_t142 = _t142;
						_t156 = _t156 + 1;
					}
					_t157 =  *0x11784c4; // 0x0
					_t158 = _t157 + 0xc0000;
					 *(_t184 - 0x4c) = _t157 + 0xc0000;
					_t108 = E010A4620(_t158 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t158 | 0x00000008, _t174 << 2);
					_t182 =  *((intOrPtr*)(_t184 - 0x20));
					 *((intOrPtr*)(_t182 + 0x1c)) = _t108;
					if(_t108 == 0) {
						goto L36;
					}
					_t160 =  *0x11784c4; // 0x0
					_t161 = _t160 + 0xc0000;
					 *(_t184 - 0x50) = _t160 + 0xc0000;
					_t108 = E010A4620(_t161 | 0x00000008,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161 | 0x00000008,  *0x11784c0 * 0xc);
					_t182 =  *((intOrPtr*)(_t184 - 0x20));
					 *((intOrPtr*)(_t182 + 0x20)) = _t108;
					if(_t108 == 0) {
						goto L36;
					}
					_t124 =  *0x7ffe03c0;
					 *(_t184 - 0x34) = _t124;
					 *(_t184 - 0x54) = _t124;
					 *(_t182 + 0x100) = _t124;
					_t179 = E010B3B7A(_t182);
					 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
					if(_t179 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t182 + 0x104)) = 0xfffffffe;
					 *(_t184 - 0x60) = 0;
					 *((intOrPtr*)(_t184 - 0x5c)) = 0;
					_t164 =  *(_t184 - 0x34);
					_t125 = _t164 & 0x0000ffff;
					 *(_t184 - 0x60) = _t125;
					 *(_t182 + 8) = _t125;
					 *((intOrPtr*)(_t182 + 0xc)) = 0;
					 *_t182 = 1;
					if(_t164 < 4) {
						_t165 = 4;
					} else {
						_t165 = _t164 + 1;
					}
					 *(_t184 - 0x34) = _t165;
					_t49 = _t182 + 0x28; // 0x28
					_push(_t165);
					_push(0);
					_push(0x1f0003);
					_t179 = E010C9F70();
					 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
					if(_t179 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t184 - 4)) = 1;
						 *((intOrPtr*)(_t184 - 0x3c)) = 1;
						_t130 =  *0x7ffe03c0 << 2;
						if(_t130 < 0x200) {
							_t130 = 0x200;
						}
						_t53 = _t182 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t184 - 0x30)));
						_push( *((intOrPtr*)(_t184 - 0x38)));
						_push(_t130);
						_push(_t182);
						_push(0x10ac740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t182 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t179 = E010CA160();
						 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
						if(_t179 < 0) {
							L23:
							 *((intOrPtr*)(_t184 - 4)) = 0;
							 *((intOrPtr*)(_t184 - 0x3c)) = 0;
							_t108 = E010B3B48(_t131, 0, _t179, _t182);
							goto L24;
						} else {
							if( *(_t184 - 0x2c) != 0) {
								_push(4);
								_push(_t184 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t182 + 0x24)));
								_t179 = E010CAE70();
								 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
								if(_t179 < 0) {
									goto L23;
								}
								 *((short*)(_t182 + 0xe6)) =  *(_t184 - 0x2c);
							}
							 *((intOrPtr*)(_t182 + 0x2c)) = 0;
							 *((intOrPtr*)(_t182 + 0xe0)) = 0;
							 *((intOrPtr*)(_t182 + 0x110)) = 0;
							 *((short*)(_t182 + 0xe4)) = 0;
							_t63 = _t182 + 0x30; // 0x30
							_t134 = _t63;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t65 = _t182 + 0x38; // 0x38
							_t135 = _t65;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							_t67 = _t182 + 0x114; // 0x114
							_t136 = _t67;
							 *((intOrPtr*)(_t136 + 4)) = _t136;
							 *_t136 = _t136;
							E010AF194(_t182, _t184 - 0x58, 0);
							_t182 =  *((intOrPtr*)(_t184 - 0x20));
							 *((intOrPtr*)(_t182 + 0xf0)) =  *((intOrPtr*)(_t184 + 4));
							_t73 = _t182 + 0x40; // 0x40
							_t179 = E010B196E(_t73, _t182);
							 *((intOrPtr*)(_t184 - 0x1c)) = _t179;
							if(_t179 < 0) {
								goto L23;
							}
							_t179 = 0;
							 *((intOrPtr*)(_t184 - 0x1c)) = 0;
							E010A2280(_t131, 0x11786b4);
							 *((intOrPtr*)(_t184 - 4)) = 2;
							_t77 = _t182 + 0xe8; // 0xe8
							_t140 = _t77;
							_t177 =  *0x11753dc; // 0xb231d8
							if( *_t177 != 0x11753d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t140 = 0x11753d8;
							 *((intOrPtr*)(_t140 + 4)) = _t177;
							 *_t177 = _t140;
							 *0x11753dc = _t140;
							 *((intOrPtr*)(_t184 - 4)) = 1;
							_t131 = E010B3B3D();
							goto L23;
						}
					}
				}
			}






























                                      0x010b37eb
                                      0x010b37ed
                                      0x010b37f2
                                      0x010b37f7
                                      0x010b37fa
                                      0x010b3803
                                      0x010b3806
                                      0x010b380b
                                      0x010b3817
                                      0x010b381e
                                      0x010f615c
                                      0x010b3b0c
                                      0x010b3b13
                                      0x010b3b13
                                      0x010b3824
                                      0x010b3827
                                      0x010b382a
                                      0x010b382d
                                      0x010b3836
                                      0x010b383e
                                      0x010f6168
                                      0x010f616e
                                      0x010f616e
                                      0x010f6168
                                      0x010b3844
                                      0x010b3865
                                      0x010b3867
                                      0x010b386a
                                      0x010b386d
                                      0x010b3876
                                      0x010f6176
                                      0x010f6176
                                      0x010f617b
                                      0x00000000
                                      0x010b387c
                                      0x010b387c
                                      0x010b3882
                                      0x010b3888
                                      0x010b38a2
                                      0x010b38a4
                                      0x010b38a9
                                      0x010f6183
                                      0x010f6188
                                      0x010f618b
                                      0x010b3ad9
                                      0x010b3ad9
                                      0x010b3ae0
                                      0x010b3ae7
                                      0x010b3aee
                                      0x00000000
                                      0x00000000
                                      0x010b3af3
                                      0x010b3afc
                                      0x010f6288
                                      0x010f628d
                                      0x010f6290
                                      0x010b3b02
                                      0x010b3b02
                                      0x010b3b02
                                      0x010b3b0a
                                      0x010b3b71
                                      0x010b3b73
                                      0x010b3b73
                                      0x00000000
                                      0x010b3b0a
                                      0x010b38af
                                      0x010b38b1
                                      0x010b38b4
                                      0x010b38b7
                                      0x010b38bd
                                      0x010b38cd
                                      0x010b38d1
                                      0x010b38d2
                                      0x010b38d2
                                      0x010b38d7
                                      0x010b38d9
                                      0x010b38d9
                                      0x010b38e1
                                      0x00000000
                                      0x00000000
                                      0x010b38e6
                                      0x010b38e9
                                      0x010b38ec
                                      0x010b38ef
                                      0x010b38f1
                                      0x010b38f1
                                      0x010b38f4
                                      0x010b38fa
                                      0x010b3900
                                      0x010b3916
                                      0x010b391b
                                      0x010b391e
                                      0x010b3923
                                      0x00000000
                                      0x00000000
                                      0x010b3929
                                      0x010b392f
                                      0x010b3935
                                      0x010b394d
                                      0x010b3952
                                      0x010b3955
                                      0x010b395a
                                      0x00000000
                                      0x00000000
                                      0x010b3960
                                      0x010b3965
                                      0x010b3968
                                      0x010b396b
                                      0x010b3978
                                      0x010b397a
                                      0x010b397f
                                      0x00000000
                                      0x00000000
                                      0x010b3985
                                      0x010b398f
                                      0x010b3992
                                      0x010b3995
                                      0x010b3998
                                      0x010b399b
                                      0x010b399e
                                      0x010b39a1
                                      0x010b39a4
                                      0x010b39ad
                                      0x010f6195
                                      0x010b39b3
                                      0x010b39b3
                                      0x010b39b3
                                      0x010b39b4
                                      0x010b39b7
                                      0x010b39ba
                                      0x010b39bb
                                      0x010b39bc
                                      0x010b39c7
                                      0x010b39c9
                                      0x010b39ce
                                      0x00000000
                                      0x010b39d4
                                      0x010b39d7
                                      0x010b39da
                                      0x010b39e2
                                      0x010b39ec
                                      0x010b39ee
                                      0x010b39ee
                                      0x010b39f0
                                      0x010b39f3
                                      0x010b39f6
                                      0x010b39f9
                                      0x010b39fa
                                      0x010b39fb
                                      0x010b3a00
                                      0x010b3a02
                                      0x010b3a05
                                      0x010b3a06
                                      0x010b3a11
                                      0x010b3a13
                                      0x010b3a18
                                      0x010b3aca
                                      0x010b3aca
                                      0x010b3acd
                                      0x010b3ad4
                                      0x00000000
                                      0x010b3a1e
                                      0x010b3a22
                                      0x010b3b14
                                      0x010b3b19
                                      0x010b3b1a
                                      0x010b3b1c
                                      0x010b3b24
                                      0x010b3b26
                                      0x010b3b2b
                                      0x00000000
                                      0x00000000
                                      0x010b3b31
                                      0x010b3b31
                                      0x010b3a28
                                      0x010b3a2b
                                      0x010b3a31
                                      0x010b3a37
                                      0x010b3a3e
                                      0x010b3a3e
                                      0x010b3a41
                                      0x010b3a44
                                      0x010b3a46
                                      0x010b3a46
                                      0x010b3a49
                                      0x010b3a4c
                                      0x010b3a4e
                                      0x010b3a4e
                                      0x010b3a54
                                      0x010b3a57
                                      0x010b3a5f
                                      0x010b3a67
                                      0x010b3a6a
                                      0x010b3a70
                                      0x010b3a7a
                                      0x010b3a7c
                                      0x010b3a81
                                      0x00000000
                                      0x00000000
                                      0x010b3a83
                                      0x010b3a85
                                      0x010b3a8d
                                      0x010b3a92
                                      0x010b3a99
                                      0x010b3a99
                                      0x010b3a9f
                                      0x010b3aac
                                      0x010b3b6c
                                      0x010b3b6f
                                      0x00000000
                                      0x010b3b6f
                                      0x010b3ab2
                                      0x010b3ab4
                                      0x010b3ab7
                                      0x010b3ab9
                                      0x010b3abe
                                      0x010b3ac5
                                      0x00000000
                                      0x010b3ac5
                                      0x010b3a18
                                      0x010b39ce

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d5a3334313de43d305868eec99fbdfdb97042bd898f6ae110b6f0df50b39882
                                      • Instruction ID: 6d7cbba9a2dbf48c7e033ee9f2b484a737bd39a7be559e6e4ed713a759c1f8a6
                                      • Opcode Fuzzy Hash: 8d5a3334313de43d305868eec99fbdfdb97042bd898f6ae110b6f0df50b39882
                                      • Instruction Fuzzy Hash: E3B124B1900609DFCB15DFA9C980AEEBBF5FB48700F24416EE59AAB750E774A901CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108C600 Relevance: .2, Instructions: 225COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0108C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x117d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E01096D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E010CB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1177b9c; // 0x0
					_t74 = E010A4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E010C9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L010A77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E010CF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E010C13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L010A77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E010C9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                      0x0108c608
                                      0x0108c615
                                      0x0108c625
                                      0x0108c62d
                                      0x0108c635
                                      0x0108c640
                                      0x0108c680
                                      0x0108c687
                                      0x0108c688
                                      0x0108c689
                                      0x0108c694
                                      0x0108c694
                                      0x0108c642
                                      0x0108c64a
                                      0x0108c697
                                      0x010f7a25
                                      0x010f7a2b
                                      0x010f7a2e
                                      0x010f7a30
                                      0x010f7bea
                                      0x010f7bea
                                      0x00000000
                                      0x010f7bea
                                      0x010f7a36
                                      0x010f7a43
                                      0x010f7a48
                                      0x010f7a4c
                                      0x010f7a4e
                                      0x00000000
                                      0x00000000
                                      0x010f7a58
                                      0x010f7a5a
                                      0x010f7a5b
                                      0x010f7a5c
                                      0x010f7a5d
                                      0x010f7a63
                                      0x010f7a64
                                      0x010f7a6a
                                      0x010f7a6c
                                      0x010f7a6e
                                      0x010f79cb
                                      0x010f79cb
                                      0x010f79ce
                                      0x010f79d0
                                      0x010f7a98
                                      0x010f7a9b
                                      0x010f7a9b
                                      0x010f7a9e
                                      0x010f7aa1
                                      0x010f7bbe
                                      0x010f7bbe
                                      0x010f7bc0
                                      0x010f7be0
                                      0x010f7be0
                                      0x010f7a01
                                      0x010f7a01
                                      0x010f7a05
                                      0x010f7a07
                                      0x010f7a15
                                      0x010f7a15
                                      0x010f7a1a
                                      0x00000000
                                      0x010f7a1a
                                      0x010f7bc2
                                      0x010f7bc6
                                      0x010f7bc9
                                      0x010f7bcd
                                      0x010f7bcf
                                      0x010f79e6
                                      0x010f79e6
                                      0x010f79eb
                                      0x010f79eb
                                      0x010f79ef
                                      0x010f79f1
                                      0x00000000
                                      0x00000000
                                      0x010f79f3
                                      0x010f79f5
                                      0x010f79ff
                                      0x010f79ff
                                      0x00000000
                                      0x010f79ff
                                      0x010f79f7
                                      0x010f79fd
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010f79fd
                                      0x010f7bd5
                                      0x010f7bd8
                                      0x00000000
                                      0x00000000
                                      0x010f7ba9
                                      0x010f7bac
                                      0x010f7bb0
                                      0x010f7bb1
                                      0x010f7bb1
                                      0x010f7bb6
                                      0x00000000
                                      0x010f7bb6
                                      0x010f7aa7
                                      0x010f7aaa
                                      0x00000000
                                      0x00000000
                                      0x010f7ab2
                                      0x010f7ab3
                                      0x010f7ab5
                                      0x010f7aec
                                      0x010f7aef
                                      0x010f7b25
                                      0x010f7b28
                                      0x010f7b62
                                      0x010f7b64
                                      0x010f7b8f
                                      0x010f7b92
                                      0x010f7b96
                                      0x010f7b98
                                      0x00000000
                                      0x00000000
                                      0x010f7b9e
                                      0x010f7b9f
                                      0x010f7ba3
                                      0x00000000
                                      0x010f7ba3
                                      0x010f7b66
                                      0x010f7b68
                                      0x010f7ae2
                                      0x010f7ae2
                                      0x00000000
                                      0x010f7ae2
                                      0x010f7b6e
                                      0x010f7b72
                                      0x010f7b75
                                      0x010f7b81
                                      0x010f7b85
                                      0x010f7b87
                                      0x00000000
                                      0x00000000
                                      0x010f7b31
                                      0x010f7b34
                                      0x010f7b3c
                                      0x010f7b45
                                      0x010f7b46
                                      0x010f7b4f
                                      0x010f7b51
                                      0x010f7b57
                                      0x010f7b59
                                      0x010f7b59
                                      0x00000000
                                      0x010f7b59
                                      0x010f7b77
                                      0x00000000
                                      0x010f7b77
                                      0x010f7b2a
                                      0x00000000
                                      0x010f7b2a
                                      0x010f7af1
                                      0x010f7af3
                                      0x00000000
                                      0x00000000
                                      0x010f7afb
                                      0x010f7afc
                                      0x010f7afe
                                      0x00000000
                                      0x00000000
                                      0x010f7b00
                                      0x010f7b03
                                      0x00000000
                                      0x00000000
                                      0x010f7b05
                                      0x010f7b09
                                      0x010f7b0d
                                      0x010f7b0f
                                      0x00000000
                                      0x00000000
                                      0x010f7b18
                                      0x010f7b1d
                                      0x00000000
                                      0x010f7b1d
                                      0x010f7ab7
                                      0x010f7ab9
                                      0x00000000
                                      0x00000000
                                      0x010f7abf
                                      0x010f7ac1
                                      0x00000000
                                      0x00000000
                                      0x010f7ac3
                                      0x010f7ac6
                                      0x00000000
                                      0x00000000
                                      0x010f7ac8
                                      0x010f7acc
                                      0x010f7ad0
                                      0x010f7ad2
                                      0x00000000
                                      0x00000000
                                      0x010f7adb
                                      0x00000000
                                      0x010f7adb
                                      0x010f79d6
                                      0x010f79d9
                                      0x010f79dc
                                      0x010f7a91
                                      0x010f7a94
                                      0x00000000
                                      0x010f7a94
                                      0x010f79e2
                                      0x00000000
                                      0x010f79e2
                                      0x010f7a74
                                      0x010f7a7a
                                      0x00000000
                                      0x00000000
                                      0x010f7a8a
                                      0x010f7a21
                                      0x010f7a21
                                      0x00000000
                                      0x010f7a21
                                      0x0108c650
                                      0x0108c651
                                      0x0108c656
                                      0x0108c65c
                                      0x0108c65d
                                      0x0108c663
                                      0x0108c664
                                      0x0108c66a
                                      0x0108c66e
                                      0x010f79c5
                                      0x010f79c7
                                      0x00000000
                                      0x010f79c7
                                      0x0108c67a
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e4b116d6f6c7379cce2f3aec14808d0d42082d9dae57d7dd819426ef7d0d8aad
                                      • Instruction ID: 9ccd9d7ad2ed5eaeca9356e0db20640439c4cf8ffa64603d2eec628a09787f4c
                                      • Opcode Fuzzy Hash: e4b116d6f6c7379cce2f3aec14808d0d42082d9dae57d7dd819426ef7d0d8aad
                                      • Instruction Fuzzy Hash: D781B0756082068BDB62CE58C882B6E77E5EB84254F1548AEEFC59B641D330ED44CBA3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01085AC0 Relevance: .2, Instructions: 222COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E01085AC0(signed char _a4, char _a8, signed int _a12, intOrPtr _a16, char _a20) {
				signed int _v8;
				char _v1036;
				char _v1037;
				char _v1038;
				signed int _v1044;
				char _v1048;
				char _v1052;
				signed int _v1056;
				char _v1060;
				intOrPtr _v1064;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t76;
				char _t80;
				signed int _t81;
				void* _t92;
				char _t108;
				signed int _t111;
				char _t121;
				signed char _t122;
				signed int _t136;
				signed int _t137;
				char _t144;
				char _t145;
				signed int _t147;

				_v8 =  *0x117d360 ^ _t147;
				_t76 = _a16;
				_t140 = _a12;
				_t145 = _a8;
				_v1064 = _t76;
				_t144 = _a20;
				_v1060 = _t144;
				if(_t145 == 0 || _t144 == 0 ||  *_t144 < 0 || _t140 < 0xffffffff ||  *_t144 > 0 && _t76 == 0) {
					L46:
					_t77 = 0xc000000d;
					goto L18;
				} else {
					_t122 = _a4;
					if((_t122 & 0xfffffff0) != 0) {
						goto L46;
					}
					if(_t140 == 0xffffffff) {
						_t140 = 0x203;
						_t80 = E0109347D(_t145, 0x203,  &_v1056);
						__eflags = _t80;
						if(_t80 < 0) {
							L23:
							_t77 = 0xc0000716;
							L18:
							return E010CB640(_t77, _t122, _v8 ^ _t147, _t140, _t144, _t145);
						}
						_t140 = _v1056 + 1;
					}
					_t81 =  *(_t145 + _t140 * 2 - 2) & 0x0000ffff;
					_v1044 = _t81;
					if(_t81 == 0) {
						_t140 = _t140 - 1;
					}
					_v1048 = 0x1ff;
					_v1056 = _t122 & 0x00000004;
					if(E01085C07(_t145, _t140,  &_v1036,  &_v1048, (_t122 >> 0x00000001 & 0 | (_t122 & 0x00000004) != 0x00000000) & 0x000000ff, _t122 >> 0x00000001 & 1,  &_v1038,  &_v1052) < 0) {
						goto L18;
					} else {
						_t145 = _v1048;
						if(_v1044 == 0) {
							__eflags = _t145 - 0x1ff;
							if(_t145 >= 0x1ff) {
								goto L23;
							}
							_t92 = _t145 + _t145;
							_t145 = _t145 + 1;
							_v1048 = _t145;
							__eflags = _t92 - 0x3fe;
							if(_t92 >= 0x3fe) {
								E010CB75A();
								L29:
								__eflags = _v1056;
								if(_v1056 == 0) {
									L32:
									_t140 = _v1052 -  &_v1036 >> 1;
									__eflags = _v1044;
									_t134 = 0 | __eflags == 0x00000000;
									if(__eflags >= 0) {
										L13:
										_t135 = _v1064;
										if(_v1064 == 0 ||  *_t144 == 0) {
											L17:
											 *_t144 = _t145;
											_t77 = 0;
											goto L18;
										} else {
											if(_t145 >  *_t144) {
												_t77 = 0xc0000023;
												goto L18;
											}
											E010CF3E0(_t135,  &_v1036, _t145 + _t145);
											goto L17;
										}
									}
									__eflags = _v1044;
									_t145 = _t145 - (0 | _v1044 == 0x00000000) + 1 - _t140;
									_v1044 = _v1052 + 2;
									_t144 = E010A4620(_t134,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t145);
									__eflags = _t144;
									if(_t144 != 0) {
										_t140 = _v1044;
										_t136 = 0;
										__eflags = _t145;
										if(_t145 <= 0) {
											L39:
											_t108 = E0113B0D0(_t136, _t122, _t140, _t145,  &_v1037);
											__eflags = _t108;
											if(_t108 < 0) {
												L22:
												L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t144);
												goto L23;
											}
											__eflags = _v1037;
											if(_v1037 == 0) {
												goto L22;
											}
											_t111 = 0;
											__eflags = _t145;
											if(_t145 <= 0) {
												L45:
												L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t144);
												_t145 = _v1048;
												_t144 = _v1060;
												goto L13;
											} else {
												goto L42;
											}
											do {
												L42:
												__eflags =  *((char*)(_t111 + _t144)) - 1;
												if( *((char*)(_t111 + _t144)) == 1) {
													_t137 = _v1044;
													_t140 = 0xffe0;
													_t67 = _t137 + _t111 * 2;
													 *_t67 =  *((intOrPtr*)(_t137 + _t111 * 2)) + 0xffe0;
													__eflags =  *_t67;
												}
												_t111 = _t111 + 1;
												__eflags = _t111 - _t145;
											} while (_t111 < _t145);
											goto L45;
										} else {
											goto L36;
										}
										do {
											L36:
											__eflags = ( *(_t140 + _t136 * 2) & 0x0000ffff) + 0xffffffbf - 0x19;
											if(( *(_t140 + _t136 * 2) & 0x0000ffff) + 0xffffffbf <= 0x19) {
												_t58 = _t140 + _t136 * 2;
												 *_t58 =  *(_t140 + _t136 * 2) + 0x20;
												__eflags =  *_t58;
												 *((char*)(_t136 + _t144)) = 1;
											}
											_t136 = _t136 + 1;
											__eflags = _t136 - _t145;
										} while (_t136 < _t145);
										goto L39;
									}
									_t77 = 0xc0000017;
									goto L18;
								}
								_t121 = E0113B0D0( &_v1036, 1,  &_v1036, _v1052 -  &_v1036 >> 1,  &_v1037);
								__eflags = _t121;
								if(_t121 < 0) {
									goto L23;
								}
								__eflags = _v1037;
								if(_v1037 == 0) {
									goto L23;
								}
								goto L32;
							}
							 *((short*)(_t147 + _t92 - 0x408)) = 0;
						}
						if((_t122 & 0x00000008) != 0 || _v1038 != 0) {
							goto L13;
						} else {
							goto L29;
						}
					}
				}
			}





























                                      0x01085ad2
                                      0x01085ad5
                                      0x01085ad8
                                      0x01085add
                                      0x01085ae0
                                      0x01085ae7
                                      0x01085aea
                                      0x01085af2
                                      0x010e12e6
                                      0x010e12e6
                                      0x00000000
                                      0x01085b1f
                                      0x01085b1f
                                      0x01085b28
                                      0x00000000
                                      0x00000000
                                      0x01085b31
                                      0x010e1142
                                      0x010e114a
                                      0x010e114f
                                      0x010e1151
                                      0x010e1170
                                      0x010e1170
                                      0x01085bed
                                      0x01085bfd
                                      0x01085bfd
                                      0x010e1159
                                      0x010e1159
                                      0x01085b37
                                      0x01085b3e
                                      0x01085b47
                                      0x010e117a
                                      0x010e117a
                                      0x01085b53
                                      0x01085b70
                                      0x01085b9a
                                      0x00000000
                                      0x01085b9c
                                      0x01085ba4
                                      0x01085baa
                                      0x010e1180
                                      0x010e1186
                                      0x00000000
                                      0x00000000
                                      0x010e1188
                                      0x010e118b
                                      0x010e118c
                                      0x010e1192
                                      0x010e1197
                                      0x010e11a8
                                      0x010e11ad
                                      0x010e11ad
                                      0x010e11b4
                                      0x010e11e5
                                      0x010e11f5
                                      0x010e11f9
                                      0x010e1200
                                      0x010e1207
                                      0x01085bc2
                                      0x01085bc2
                                      0x01085bca
                                      0x01085be9
                                      0x01085be9
                                      0x01085beb
                                      0x00000000
                                      0x01085bd1
                                      0x01085bd3
                                      0x01085c00
                                      0x00000000
                                      0x01085c00
                                      0x01085be1
                                      0x00000000
                                      0x01085be6
                                      0x01085bca
                                      0x010e120f
                                      0x010e1225
                                      0x010e1227
                                      0x010e123e
                                      0x010e1240
                                      0x010e1242
                                      0x010e124e
                                      0x010e1254
                                      0x010e1256
                                      0x010e1258
                                      0x010e1275
                                      0x010e128a
                                      0x010e128f
                                      0x010e1291
                                      0x010e115f
                                      0x010e116b
                                      0x00000000
                                      0x010e116b
                                      0x010e1297
                                      0x010e129e
                                      0x00000000
                                      0x00000000
                                      0x010e12a4
                                      0x010e12a6
                                      0x010e12a8
                                      0x010e12c4
                                      0x010e12d0
                                      0x010e12d5
                                      0x010e12db
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e12aa
                                      0x010e12aa
                                      0x010e12aa
                                      0x010e12ae
                                      0x010e12b0
                                      0x010e12b6
                                      0x010e12bb
                                      0x010e12bb
                                      0x010e12bb
                                      0x010e12bb
                                      0x010e12bf
                                      0x010e12c0
                                      0x010e12c0
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e125a
                                      0x010e125a
                                      0x010e1261
                                      0x010e1265
                                      0x010e1267
                                      0x010e1267
                                      0x010e1267
                                      0x010e126c
                                      0x010e126c
                                      0x010e1270
                                      0x010e1271
                                      0x010e1271
                                      0x00000000
                                      0x010e125a
                                      0x010e1244
                                      0x00000000
                                      0x010e1244
                                      0x010e11d3
                                      0x010e11d8
                                      0x010e11da
                                      0x00000000
                                      0x00000000
                                      0x010e11dc
                                      0x010e11e3
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e11e3
                                      0x010e119b
                                      0x010e119b
                                      0x01085bb3
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01085bb3
                                      0x01085b9a

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 541e0bafcb089b40943b5ce19207e38ca3337bac9abde8d9e966b44e404c3c7e
                                      • Instruction ID: 7a0a659b659ed671688557b3bef60aa3a81663b5be7059500ceabf4275d19773
                                      • Opcode Fuzzy Hash: 541e0bafcb089b40943b5ce19207e38ca3337bac9abde8d9e966b44e404c3c7e
                                      • Instruction Fuzzy Hash: 9C81E3B1A041198FDB259A28CD44BEE77F8AF54304F0441EEDA95E3281EB74DEC18F94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B138B Relevance: .2, Instructions: 206COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E010B138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E010B0678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E010C9660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E010A7D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0114138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E010B16C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E0114A80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E010AB73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E010AA830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E0114A80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                                      0x010b139f
                                      0x010b13a1
                                      0x010b13a4
                                      0x010b13a6
                                      0x010b13ab
                                      0x010b13b3
                                      0x010f5522
                                      0x00000000
                                      0x010f5522
                                      0x010b13b9
                                      0x010b13c1
                                      0x010b13c4
                                      0x010b13cd
                                      0x010b13d0
                                      0x010b13d9
                                      0x010b13dc
                                      0x010b13df
                                      0x010b13e4
                                      0x010f552b
                                      0x00000000
                                      0x00000000
                                      0x010f5534
                                      0x010f553f
                                      0x010f5545
                                      0x010f5549
                                      0x010f554a
                                      0x010f554f
                                      0x010f5550
                                      0x010f5559
                                      0x010f551c
                                      0x00000000
                                      0x010f551c
                                      0x010f5562
                                      0x010f5574
                                      0x010f5564
                                      0x010f556d
                                      0x010f556d
                                      0x010f557c
                                      0x010f5597
                                      0x010f5597
                                      0x010f559f
                                      0x010f55a2
                                      0x010f55a5
                                      0x010f55a5
                                      0x010b13ec
                                      0x010b13f2
                                      0x010b13f4
                                      0x010b13f8
                                      0x010b13fe
                                      0x010b1400
                                      0x010b1406
                                      0x010b1412
                                      0x010b1419
                                      0x010f55b0
                                      0x010f55b5
                                      0x010f55b8
                                      0x010f55b8
                                      0x010b1425
                                      0x010b1429
                                      0x010b142c
                                      0x010b142f
                                      0x010b1432
                                      0x010b1435
                                      0x010b143a
                                      0x010b143d
                                      0x010b1443
                                      0x010b1446
                                      0x010b1449
                                      0x010b1450
                                      0x010b1453
                                      0x010b1459
                                      0x010b145f
                                      0x010b1462
                                      0x010b1467
                                      0x010b14fa
                                      0x010b146d
                                      0x010b146d
                                      0x010b146d
                                      0x010b146f
                                      0x010b1479
                                      0x010b1480
                                      0x010b1507
                                      0x010b1508
                                      0x010b1510
                                      0x010f55c1
                                      0x010f55c2
                                      0x010f55cc
                                      0x010f55d1
                                      0x010f55d4
                                      0x010f55d7
                                      0x010f55d7
                                      0x010b1482
                                      0x010b1482
                                      0x010b1482
                                      0x010b1484
                                      0x010b149b
                                      0x010b14a4
                                      0x010b14ae
                                      0x010b14b4
                                      0x010b14b4
                                      0x010b14ba
                                      0x010b14c4
                                      0x010b14c4
                                      0x010b14c9
                                      0x010b14cf
                                      0x010b14d2
                                      0x010b14d7
                                      0x010f55df
                                      0x010f55e0
                                      0x010f55ea
                                      0x010b14dd
                                      0x010b14dd
                                      0x010b14df
                                      0x010b14e2
                                      0x010b14e4
                                      0x010b14e4
                                      0x010b14e7
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                      • Instruction ID: 5691f44105aed3322e9b3f3e1181f3f767e8145c80d8e9b7d9d68913ee097d23
                                      • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                      • Instruction Fuzzy Hash: E381AB71A003459FCB25CF68C895AEABBF5FF48300F10856DE986C7641D734EA41CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A97ED Relevance: .2, Instructions: 202COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E010A97ED(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				unsigned int* _t72;
				signed int _t77;
				intOrPtr* _t80;
				char* _t81;
				signed int _t91;
				signed int _t101;
				char* _t108;
				signed int _t112;
				char* _t118;
				intOrPtr* _t130;
				unsigned int _t162;
				signed int _t164;
				intOrPtr _t166;
				signed int _t167;
				void* _t170;

				_t133 = __ecx;
				_t130 = __edx;
				_v24 = __ecx;
				_t166 =  *((intOrPtr*)(__ecx + 0xc));
				_v20 =  *__edx;
				_t162 = __ecx - 0xa8 + (( *(__edx + 8) & 0x000000ff) << 5);
				if( *((intOrPtr*)(_t166 + 0xd8)) != 0) {
					if(( *(_t166 + 0x40) & 0x00000001) == 0) {
						E0109EEF0( *((intOrPtr*)(_t166 + 0xc8)));
						E0109EB70(_t133,  *((intOrPtr*)(_t166 + 0xc8)));
					}
				}
				_t167 =  *(_t162 + 4) & 0x0000ffff;
				_v12 = _t167;
				if(_t167 >  *((intOrPtr*)(_t162 + 0xc))) {
					_t72 = _t162 + 8;
					_v8 = _t72;
					if(_t167 <=  *_t72 >>  *(_t162 + 0x10)) {
						goto L2;
					}
					_t101 = 1 <<  *(_t130 + 8);
					if(1 > 0x78000) {
						_t101 = 0x78000;
					}
					_v16 = ( *(_t130 + 0xa) & 0x0000ffff) + _t101;
					E010AC111( *((intOrPtr*)(_v24 + 0xc)), _t130, ( *(_t130 + 0xa) & 0x0000ffff) + _t101);
					if(E010A7D50() != 0) {
						_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t108 = 0x7ffe0380;
					}
					if( *_t108 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
							goto L13;
						} else {
							_t132 = _v24;
							E01141951(_v24,  *((intOrPtr*)(_v24 + 0xc)), _t130, _v16, ( *(_v20 + 0x14) & 0x0000ffff) << 3);
							goto L14;
						}
					} else {
						L13:
						_t132 = _v24;
						L14:
						_t91 = _t162 + 8;
						asm("lock dec dword [eax]");
						if(_v12 != 0) {
							_t91 = E010B1710(_t162);
							_t164 = _t91;
							if(_t164 != 0) {
								_t112 = 1 <<  *(_t164 + 8);
								if(1 > 0x78000) {
									_t112 = 0x78000;
								}
								_t175 = ( *(_t164 + 0xa) & 0x0000ffff) + _t112;
								asm("lock xadd [eax], ecx");
								E010AC111( *((intOrPtr*)(_t132 + 0xc)), _t164,  ~(( *(_t164 + 0xa) & 0x0000ffff) + _t112));
								if(E010A7D50() != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								if( *_t118 != 0) {
									if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
										E011418CA(_t132,  *((intOrPtr*)(_t132 + 0xc)), _t164, _t175, 0);
										E01141951(_t132,  *((intOrPtr*)(_t132 + 0xc)), _t164, _t175, 0);
									}
								}
								_t91 = _v8;
								asm("lock dec dword [eax]");
							}
						}
						L7:
						return _t91;
					}
				}
				L2:
				_t77 = 1 <<  *(_t130 + 8);
				if(1 > 0x78000) {
					_t77 = 0x78000;
				}
				_t170 = ( *(_t130 + 0xa) & 0x0000ffff) + _t77;
				asm("lock xadd [eax], ecx");
				_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t80 != 0) {
					if( *_t80 == 0) {
						goto L4;
					}
					_t81 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L5;
				} else {
					L4:
					_t81 = 0x7ffe0380;
					L5:
					if( *_t81 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							E011419D8(_t130,  *((intOrPtr*)(_v24 + 0xc)), _t130, _t170, ( *(_v20 + 0x14) & 0x0000ffff) << 3);
						}
					}
					E010A2280(_t162 >> 0x00000002 & 0x0000001f, 0x1176dc0 + (_t162 >> 0x00000002 & 0x0000001f) * 4);
					 *_t130 =  *_t162;
					 *(_t162 + 4) =  *(_t162 + 4) + 1;
					 *_t162 = _t130;
					E0109FFB0(_t130, _t162, 0x1176dc0 + (_t162 >> 0x00000002 & 0x0000001f) * 4);
					_t91 = ( *(_t162 + 0x16) & 0x0000ffff) + 1;
					 *(_t162 + 0x16) = _t91;
					goto L7;
				}
			}



























                                      0x010a97ed
                                      0x010a97f9
                                      0x010a97ff
                                      0x010a980b
                                      0x010a980e
                                      0x010a9819
                                      0x010a9824
                                      0x010a9996
                                      0x010a99a2
                                      0x010a99ad
                                      0x010a99b2
                                      0x010a9996
                                      0x010a982a
                                      0x010a9831
                                      0x010a9837
                                      0x010a98b6
                                      0x010a98b9
                                      0x010a98c6
                                      0x00000000
                                      0x00000000
                                      0x010a98d7
                                      0x010a98db
                                      0x010f1366
                                      0x010f1366
                                      0x010a98ed
                                      0x010a98fd
                                      0x010a9909
                                      0x010f1376
                                      0x010a990f
                                      0x010a990f
                                      0x010a990f
                                      0x010a9917
                                      0x010f138d
                                      0x00000000
                                      0x010f1393
                                      0x010f1399
                                      0x010f13af
                                      0x00000000
                                      0x010f13af
                                      0x010a991d
                                      0x010a991d
                                      0x010a991d
                                      0x010a9921
                                      0x010a9921
                                      0x010a9924
                                      0x010a992c
                                      0x010a9934
                                      0x010a9939
                                      0x010a993d
                                      0x010a9949
                                      0x010a994d
                                      0x010a99bb
                                      0x010a99bb
                                      0x010a9953
                                      0x010a995c
                                      0x010a9966
                                      0x010a9972
                                      0x010f13c2
                                      0x010a9978
                                      0x010a9978
                                      0x010a9978
                                      0x010a9980
                                      0x010f13d9
                                      0x010f13e7
                                      0x010f13f4
                                      0x010f13f4
                                      0x010f13d9
                                      0x010a9986
                                      0x010a998a
                                      0x010a998a
                                      0x010a993d
                                      0x010a98ad
                                      0x010a98b3
                                      0x010a98b3
                                      0x010a9917
                                      0x010a9839
                                      0x010a9844
                                      0x010a9848
                                      0x010f13fe
                                      0x010f13fe
                                      0x010a9852
                                      0x010a9859
                                      0x010a9863
                                      0x010a9868
                                      0x010f1408
                                      0x00000000
                                      0x00000000
                                      0x010f1417
                                      0x00000000
                                      0x010a986e
                                      0x010a986e
                                      0x010a986e
                                      0x010a9873
                                      0x010a9876
                                      0x010f142e
                                      0x010f144d
                                      0x010f144d
                                      0x010f142e
                                      0x010a988c
                                      0x010a9893
                                      0x010a9895
                                      0x010a989a
                                      0x010a989c
                                      0x010a98a8
                                      0x010a98a9
                                      0x00000000
                                      0x010a98a9

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6e0ee3e1e8959cb212167545864b2ce65a3765c06ec9423b86710ca70c17869c
                                      • Instruction ID: 4468a3ba71a713b2d283f9a01a43b40e1af6b026908dc592e5573105b1a42774
                                      • Opcode Fuzzy Hash: 6e0ee3e1e8959cb212167545864b2ce65a3765c06ec9423b86710ca70c17869c
                                      • Instruction Fuzzy Hash: F971EE36704252DBD352DFA8C480B6AB7E4FF84714F0585A9E8D9CB752E734E841CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0111B8D0 Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 39%
                                      			E0111B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1177b9c; // 0x0
				_t124 = E010A4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E010C9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E010C95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E010C95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L010A77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E010C9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E010C95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1177b9c; // 0x0
									_t92 = E010A4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E010C9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0108A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0111E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0111E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E010C95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                      0x0111b8d9
                                      0x0111b8e4
                                      0x00000000
                                      0x0111b8e6
                                      0x0111b8f3
                                      0x0111b8f5
                                      0x0111b8f5
                                      0x0111b8f8
                                      0x0111b920
                                      0x0111b924
                                      0x0111b936
                                      0x0111b939
                                      0x0111b93d
                                      0x0111b948
                                      0x0111b9a0
                                      0x0111b9a0
                                      0x0111b9a4
                                      0x0111b9bf
                                      0x0111b9c4
                                      0x0111b9c6
                                      0x0111b9cd
                                      0x0111b9d1
                                      0x0111bad4
                                      0x0111bad8
                                      0x0111bada
                                      0x0111badc
                                      0x0111badc
                                      0x0111badf
                                      0x0111bae0
                                      0x0111bae2
                                      0x0111bae4
                                      0x0111baec
                                      0x0111baee
                                      0x0111baf0
                                      0x0111baf0
                                      0x0111baec
                                      0x0111bafb
                                      0x0111bafc
                                      0x0111bafe
                                      0x0111bb01
                                      0x0111bb01
                                      0x00000000
                                      0x0111bb06
                                      0x0111b9d7
                                      0x0111b9db
                                      0x0111b9db
                                      0x0111b9de
                                      0x0111b9de
                                      0x0111b9e4
                                      0x0111b9e7
                                      0x0111b9ea
                                      0x0111b9ec
                                      0x0111b9ef
                                      0x0111b9f3
                                      0x0111ba1b
                                      0x0111ba1b
                                      0x0111ba23
                                      0x0111ba24
                                      0x0111ba27
                                      0x0111ba2a
                                      0x0111ba2b
                                      0x0111ba2e
                                      0x0111ba30
                                      0x0111ba37
                                      0x0111ba3f
                                      0x0111ba9c
                                      0x0111baa2
                                      0x0111bb13
                                      0x0111bb15
                                      0x0111baae
                                      0x0111baae
                                      0x0111bab3
                                      0x0111bab5
                                      0x0111baba
                                      0x0111bac8
                                      0x0111bac8
                                      0x0111baba
                                      0x0111bacd
                                      0x0111bacf
                                      0x00000000
                                      0x0111bacf
                                      0x0111bb1a
                                      0x00000000
                                      0x0111bb1c
                                      0x0111baa7
                                      0x0111bb11
                                      0x00000000
                                      0x0111bb11
                                      0x0111baa9
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0111ba41
                                      0x0111ba41
                                      0x0111ba41
                                      0x0111ba58
                                      0x0111ba5d
                                      0x0111ba62
                                      0x00000000
                                      0x00000000
                                      0x0111ba64
                                      0x0111ba67
                                      0x0111ba68
                                      0x0111ba69
                                      0x0111ba6c
                                      0x0111ba6f
                                      0x0111ba71
                                      0x0111ba78
                                      0x0111ba80
                                      0x00000000
                                      0x00000000
                                      0x0111ba90
                                      0x0111ba90
                                      0x0111ba97
                                      0x00000000
                                      0x0111ba97
                                      0x0111b9f5
                                      0x0111b9f7
                                      0x0111b9f7
                                      0x0111b9fa
                                      0x0111ba03
                                      0x0111ba07
                                      0x0111ba0c
                                      0x0111ba10
                                      0x0111ba17
                                      0x00000000
                                      0x0111b9f7
                                      0x0111b9a6
                                      0x0111b9a8
                                      0x0111b9af
                                      0x0111b9b3
                                      0x00000000
                                      0x00000000
                                      0x0111b9b9
                                      0x00000000
                                      0x0111b9b9
                                      0x0111b94d
                                      0x0111b98f
                                      0x0111b995
                                      0x0111b999
                                      0x0111b960
                                      0x0111b967
                                      0x0111b968
                                      0x0111b96a
                                      0x00000000
                                      0x0111b96a
                                      0x0111b99b
                                      0x0111b99e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0111b99e
                                      0x0111b951
                                      0x0111b954
                                      0x0111b95a
                                      0x0111b95e
                                      0x0111b972
                                      0x0111b979
                                      0x0111b97d
                                      0x0111b97f
                                      0x0111b980
                                      0x0111b982
                                      0x0111b984
                                      0x00000000
                                      0x0111b984
                                      0x00000000
                                      0x0111b926
                                      0x00000000
                                      0x0111b926

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23668eceffa65150811a1f1d32ca9b4e7a257f058d834b43f96e005077904ccd
                                      • Instruction ID: e4229013630f4f717c55b061d3c0117d48705ec2f375662fbe6deae36327edc3
                                      • Opcode Fuzzy Hash: 23668eceffa65150811a1f1d32ca9b4e7a257f058d834b43f96e005077904ccd
                                      • Instruction Fuzzy Hash: 25711132204706EFE73A8F18C844FAAFBB6FB44720F154538E695876A4EB71E941CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01106DC9 Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 79%
                                      			E01106DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = E010A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01106B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E010A7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E010C9AE0();
					_t87 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0110795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0110795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0110795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0110795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = E010A4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01106B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01106B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01106B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01106B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E010A7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E010C9AE0();
								L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L010A2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L010A2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L010A2400( &_v52);
							}
							if(_v28 >= 0) {
								return L010A2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                      0x01106dd4
                                      0x01106dde
                                      0x01106de1
                                      0x01106de3
                                      0x01106de6
                                      0x01106de9
                                      0x01106dec
                                      0x01106def
                                      0x01106df2
                                      0x01106df5
                                      0x01106dfe
                                      0x01106e04
                                      0x01106e09
                                      0x01106e0d
                                      0x01106e18
                                      0x01106e1b
                                      0x01106e22
                                      0x01106e2d
                                      0x01106e30
                                      0x01106e36
                                      0x01106e42
                                      0x01106e4d
                                      0x01106e50
                                      0x01106e55
                                      0x01106e5c
                                      0x01106e6e
                                      0x01106e5e
                                      0x01106e67
                                      0x01106e67
                                      0x01106e73
                                      0x01106e74
                                      0x01106e77
                                      0x01106e7c
                                      0x01106e7d
                                      0x01106e8e
                                      0x01106e93
                                      0x01106e9c
                                      0x01106ea8
                                      0x01106eab
                                      0x01106eac
                                      0x01106eb3
                                      0x01106ecd
                                      0x01106edc
                                      0x01106ee2
                                      0x01106ee5
                                      0x01106ef2
                                      0x01106efb
                                      0x01106f01
                                      0x01106f06
                                      0x01106f0b
                                      0x01106f11
                                      0x01106f1a
                                      0x01106f22
                                      0x01106f26
                                      0x01106f26
                                      0x01106f33
                                      0x01106f41
                                      0x01106f44
                                      0x01106f47
                                      0x01106f54
                                      0x01106f65
                                      0x01106f77
                                      0x01106f7c
                                      0x01106f82
                                      0x01106f91
                                      0x01106f99
                                      0x01106fa3
                                      0x01106fae
                                      0x01106fae
                                      0x01106fba
                                      0x01106fbb
                                      0x01106fbc
                                      0x01106fc1
                                      0x01106fc2
                                      0x01106fd3
                                      0x01106fd8
                                      0x01106fd8
                                      0x01106fdf
                                      0x01106fe8
                                      0x01106fee
                                      0x01106fee
                                      0x01106ff5
                                      0x01106ffb
                                      0x01106ffb
                                      0x01107004
                                      0x00000000
                                      0x0110700a
                                      0x01107004
                                      0x01106eb3
                                      0x01106e9c
                                      0x01107015

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                      • Instruction ID: 015cb81827917917c652cd498daa4f6827addb830b0ddc40c6970ef035ef905b
                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                      • Instruction Fuzzy Hash: E4719D71E0060AEFCB15DFA8C980AEEBBB9FF48714F104169E545E7290DB74AA41CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109F370 Relevance: .2, Instructions: 194COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E0109F370(intOrPtr __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _v24;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				unsigned int _t65;
				signed int _t75;
				signed int _t76;
				intOrPtr* _t101;
				char* _t102;
				unsigned int _t115;
				signed int _t119;
				unsigned int _t124;
				void* _t134;
				signed int _t135;
				unsigned int _t137;
				signed int _t141;
				signed int _t148;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				unsigned int _t159;

				_v12 = __ecx;
				_v5 = __edx;
				_t65 = ((__edx & 0x000000ff) << 5) + __ecx;
				_t115 = _t65 - 0xa8;
				_v28 = _t65;
				_v24 = _t115;
				 *(_t115 + 0x14) = ( *(_t115 + 0x14) & 0x0000ffff) + 1;
				_v16 = 0x1176dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4;
				E010A2280(_t115 >> 0x00000002 & 0x0000001f, 0x1176dc0 + (_t115 >> 0x00000002 & 0x0000001f) * 4);
				_t155 =  *_t115;
				if(_t155 != 0) {
					 *_t115 =  *_t155;
					 *((intOrPtr*)(_t115 + 4)) =  *((intOrPtr*)(_t115 + 4)) + 0xffff;
				}
				asm("lock cmpxchg [edi], ecx");
				_t119 = 1;
				if(1 != 1) {
					while(1) {
						_t75 = _t119 & 0x00000006;
						_v20 = _t75;
						_t76 = _t119;
						_t134 = (0 | _t75 == 0x00000002) * 4 - 1 + _t119;
						asm("lock cmpxchg [ebx], edi");
						if(_t76 == _t119) {
							break;
						}
						_t119 = _t76;
					}
					_t115 = _v24;
					if(_v20 == 2) {
						E010C00C2(_v16, 0, _t134);
					}
					_t135 = 1;
				}
				if(_t155 == 0) {
					_t77 = _v5;
					if(_v5 <= 7) {
						L17:
						_t156 = E0109B433( *((intOrPtr*)(_v12 + 0xc)), _t77, _a4, _a8);
						if(_t156 != 0) {
							asm("lock inc dword [eax]");
						}
						L11:
						_t137 =  *(_t115 + 0x14) & 0x0000ffff;
						if(_t137 > 0x40) {
							_t148 =  *(_t115 + 0x18) & 0x0000ffff;
							if(_t137 >= (( *(_t115 + 0x16) & 0x0000ffff) >> 1) + ( *(_t115 + 0x16) & 0x0000ffff) || _t148 >= _t137 - (_t137 >> 1)) {
								L23:
								 *(_t115 + 0x14) = 0;
								 *(_t115 + 0x16) = 0;
								 *(_t115 + 0x18) = 0;
								goto L12;
							} else {
								if( *((intOrPtr*)(_t115 + 0xc)) >= 2) {
									if( *((intOrPtr*)(_t115 + 0x10)) <= 2) {
										goto L23;
									}
									L26:
									asm("lock cmpxchg [edx], ecx");
									goto L23;
								}
								goto L26;
							}
						}
						L12:
						return _t156;
					}
					_t159 = _v28 + 0xffffff38;
					_v28 = _t159;
					_t150 = 0x1176dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4;
					E010A2280(_t159 >> 0x00000002 & 0x0000001f, 0x1176dc0 + (_t159 >> 0x00000002 & 0x0000001f) * 4);
					_t156 =  *_t159;
					if(_t156 != 0) {
						_t124 = _v28;
						 *_t124 =  *_t156;
						 *((intOrPtr*)(_t124 + 4)) =  *((intOrPtr*)(_t124 + 4)) + 0xffff;
					}
					E0109FFB0(_t115, _t150, _t150);
					if(_t156 != 0) {
						_v5 = _v5 - 1;
						_t135 = 1;
						L5:
						if(_t156 == 0) {
							goto L16;
						}
						_t141 = _t135 <<  *(_t156 + 8);
						if(_t141 > 0x78000) {
							_t141 = 0x78000;
						}
						_t152 = ( *(_t156 + 0xa) & 0x0000ffff) + _t141;
						_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t101 != 0) {
							if( *_t101 == 0) {
								goto L8;
							}
							_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							goto L9;
						} else {
							L8:
							_t102 = 0x7ffe0380;
							L9:
							if( *_t102 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
									E011418CA(_t115,  *((intOrPtr*)(_v12 + 0xc)), _t156, _t152, _a4);
								}
							}
							asm("lock xadd [eax], edi");
							goto L11;
						}
					} else {
						L16:
						_t77 = _v5;
						goto L17;
					}
				}
				 *(_t115 + 0x18) = ( *(_t115 + 0x18) & 0x0000ffff) + 1;
				goto L5;
			}




























                                      0x0109f37a
                                      0x0109f37d
                                      0x0109f386
                                      0x0109f389
                                      0x0109f38f
                                      0x0109f39a
                                      0x0109f39d
                                      0x0109f3b3
                                      0x0109f3b6
                                      0x0109f3bb
                                      0x0109f3bf
                                      0x0109f3c3
                                      0x0109f3ca
                                      0x0109f3ca
                                      0x0109f3d7
                                      0x0109f3db
                                      0x0109f3df
                                      0x010ebc33
                                      0x010ebc37
                                      0x010ebc3d
                                      0x010ebc40
                                      0x010ebc4c
                                      0x010ebc50
                                      0x010ebc56
                                      0x00000000
                                      0x00000000
                                      0x010ebc58
                                      0x010ebc58
                                      0x010ebc60
                                      0x010ebc63
                                      0x010ebc6b
                                      0x010ebc6b
                                      0x010ebc70
                                      0x010ebc70
                                      0x0109f3e7
                                      0x0109f45a
                                      0x0109f45f
                                      0x0109f495
                                      0x0109f4a8
                                      0x0109f4ac
                                      0x0109f4ba
                                      0x0109f4ba
                                      0x0109f43f
                                      0x0109f443
                                      0x0109f449
                                      0x0109f4e2
                                      0x0109f4ee
                                      0x0109f4fa
                                      0x0109f4fc
                                      0x0109f500
                                      0x0109f504
                                      0x00000000
                                      0x0109f50d
                                      0x0109f516
                                      0x0109f52a
                                      0x00000000
                                      0x00000000
                                      0x0109f51b
                                      0x0109f51b
                                      0x00000000
                                      0x0109f51b
                                      0x00000000
                                      0x0109f518
                                      0x0109f4ee
                                      0x0109f44f
                                      0x0109f457
                                      0x0109f457
                                      0x0109f464
                                      0x0109f46c
                                      0x0109f475
                                      0x0109f47d
                                      0x0109f482
                                      0x0109f486
                                      0x0109f4bf
                                      0x0109f4c4
                                      0x0109f4cb
                                      0x0109f4cb
                                      0x0109f489
                                      0x0109f490
                                      0x0109f4d1
                                      0x0109f4d4
                                      0x0109f3f5
                                      0x0109f3f7
                                      0x00000000
                                      0x00000000
                                      0x0109f400
                                      0x0109f408
                                      0x010ebc7a
                                      0x010ebc7a
                                      0x0109f418
                                      0x0109f41a
                                      0x0109f41f
                                      0x010ebc87
                                      0x00000000
                                      0x00000000
                                      0x010ebc96
                                      0x00000000
                                      0x0109f425
                                      0x0109f425
                                      0x0109f425
                                      0x0109f42a
                                      0x0109f42d
                                      0x010ebcad
                                      0x010ebcbf
                                      0x010ebcbf
                                      0x010ebcad
                                      0x0109f43b
                                      0x00000000
                                      0x0109f43b
                                      0x0109f492
                                      0x0109f492
                                      0x0109f492
                                      0x00000000
                                      0x0109f492
                                      0x0109f490
                                      0x0109f3f1
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0021a758c174f19d50f7dcc176ff2d6608516543c9813daba198abe62202ffa5
                                      • Instruction ID: 182bbf9df62c51fffad7a5da1f1b1737b7119d063d3695e73bfee64f534fcdcb
                                      • Opcode Fuzzy Hash: 0021a758c174f19d50f7dcc176ff2d6608516543c9813daba198abe62202ffa5
                                      • Instruction Fuzzy Hash: 1F610132A042168FCF69CF5CC4906AEBBF1EF85710F1880A9E895DB345DB34D952DB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108395E Relevance: .2, Instructions: 172COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 83%
                                      			E0108395E(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t57;
				intOrPtr _t67;
				intOrPtr _t74;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				intOrPtr _t109;
				signed int _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x117d360 ^ _t114;
				_t54 =  *0x11784cc; // 0x0
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				L010AFAD0(_t54 + 4);
				_t109 =  *0x11784cc; // 0x0
				_t110 = _t109 + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E010A2280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E0109FFB0(_t94, _t112, _t94);
								_t74 =  *0x11784cc; // 0x0
								_t123 = _t74 + 4;
								E010AFA00(_t94, _t97, _t112, _t74 + 4);
								while(1) {
									_t95 = 0;
									_t77 = E01083ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E01083ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E010A2280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E0109FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E01112DA1(_t113);
										}
										L17:
										E0109FFB0(_t93, _t112, _t113 + 0x28);
										E010BDE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E010CA3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E010CB640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E0109FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E0109FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				_t57 =  *0x11784cc; // 0x0
				E010AFA00(_t93, _t97, _t112, _t57 + 4);
				goto L18;
			}

























                                      0x0108396d
                                      0x01083970
                                      0x0108397b
                                      0x0108397e
                                      0x01083980
                                      0x01083982
                                      0x01083986
                                      0x0108398b
                                      0x01083991
                                      0x01083994
                                      0x01083996
                                      0x010839a1
                                      0x010839a7
                                      0x010839aa
                                      0x01083aa7
                                      0x01083aa7
                                      0x00000000
                                      0x010839c4
                                      0x010839c4
                                      0x010839ca
                                      0x00000000
                                      0x00000000
                                      0x010839d0
                                      0x010839d4
                                      0x010839dd
                                      0x010dfffc
                                      0x010e0000
                                      0x010e0020
                                      0x010e0025
                                      0x010e0029
                                      0x010839ed
                                      0x010839ed
                                      0x010839f2
                                      0x010839f9
                                      0x010839fe
                                      0x01083a03
                                      0x01083a07
                                      0x01083a0c
                                      0x01083a0c
                                      0x01083a13
                                      0x01083a1d
                                      0x01083a1f
                                      0x010e004b
                                      0x010e004b
                                      0x01083a27
                                      0x01083a37
                                      0x010e0052
                                      0x010e0052
                                      0x01083a41
                                      0x01083a46
                                      0x01083a49
                                      0x01083a4c
                                      0x01083a4e
                                      0x01083a9f
                                      0x01083aa3
                                      0x01083aa3
                                      0x01083a56
                                      0x010e0059
                                      0x010e005f
                                      0x010e0064
                                      0x00000000
                                      0x010e0064
                                      0x01083a5e
                                      0x010e0073
                                      0x010e0075
                                      0x010e007d
                                      0x010e0080
                                      0x010e0087
                                      0x010e0087
                                      0x01083a72
                                      0x01083a76
                                      0x01083a7d
                                      0x01083a82
                                      0x01083a86
                                      0x010e0091
                                      0x010e0093
                                      0x010e0096
                                      0x010e0097
                                      0x010e0098
                                      0x010e0099
                                      0x010e009c
                                      0x010e009e
                                      0x010e00a3
                                      0x010e00a5
                                      0x010e00b2
                                      0x010e00b2
                                      0x010e00b7
                                      0x010e00b7
                                      0x01083a9e
                                      0x01083a9e
                                      0x01083a64
                                      0x01083a6a
                                      0x01083ac4
                                      0x01083ac6
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083ac8
                                      0x01083a6c
                                      0x01083a6f
                                      0x00000000
                                      0x01083a6f
                                      0x01083a0c
                                      0x010e0002
                                      0x010e0003
                                      0x010e0003
                                      0x010e0008
                                      0x00000000
                                      0x010e0008
                                      0x010839e7
                                      0x010e0032
                                      0x010e0036
                                      0x010e0037
                                      0x00000000
                                      0x00000000
                                      0x010e0039
                                      0x010e003c
                                      0x010e0041
                                      0x00000000
                                      0x010e0041
                                      0x00000000
                                      0x010839e7
                                      0x010839aa
                                      0x01083aae
                                      0x01083ab7
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 478d2881b1349a157d4b55b6160461b3677878d470a4f60d79700f0500658bc8
                                      • Instruction ID: 04fa2202490ff7425d1cbfb4cf295266d60bdb7e600c172b8b22410c413829ab
                                      • Opcode Fuzzy Hash: 478d2881b1349a157d4b55b6160461b3677878d470a4f60d79700f0500658bc8
                                      • Instruction Fuzzy Hash: EA518F71A047469FDB34EB9AC894BAAF7E8BF94719F10446DE1C68B611C7B4E844CB80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108B171 Relevance: .2, Instructions: 166COMMONLIBRARYCODE
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E0108B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x115f7a8);
				E010DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E010DD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E010CD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E010CF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E010DDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E010CB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E010CB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E010CE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E010CA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                      0x0108b171
                                      0x0108b171
                                      0x0108b171
                                      0x0108b171
                                      0x0108b171
                                      0x0108b176
                                      0x0108b17b
                                      0x0108b180
                                      0x0108b186
                                      0x0108b18f
                                      0x0108b198
                                      0x0108b1a4
                                      0x0108b1aa
                                      0x010e4802
                                      0x010e4802
                                      0x010e4805
                                      0x010e480c
                                      0x010e480e
                                      0x0108b1d1
                                      0x0108b1d3
                                      0x0108b1de
                                      0x0108b1de
                                      0x010e4817
                                      0x010e481e
                                      0x010e4820
                                      0x010e4822
                                      0x010e4822
                                      0x010e4824
                                      0x010e4824
                                      0x010e482a
                                      0x00000000
                                      0x00000000
                                      0x010e4835
                                      0x010e483a
                                      0x010e483d
                                      0x010e483f
                                      0x010e4842
                                      0x010e4842
                                      0x010e4842
                                      0x010e4846
                                      0x010e484c
                                      0x010e484e
                                      0x010e4851
                                      0x010e4851
                                      0x010e4853
                                      0x010e4854
                                      0x010e4854
                                      0x010e4858
                                      0x010e485a
                                      0x010e485a
                                      0x010e485d
                                      0x010e485f
                                      0x010e4861
                                      0x010e4861
                                      0x010e4866
                                      0x010e486b
                                      0x010e486e
                                      0x010e4871
                                      0x010e4876
                                      0x010e4876
                                      0x010e4878
                                      0x010e487b
                                      0x010e4884
                                      0x010e4884
                                      0x00000000
                                      0x010e487d
                                      0x010e487d
                                      0x010e4882
                                      0x010e4889
                                      0x010e4889
                                      0x010e488f
                                      0x010e4891
                                      0x010e48e0
                                      0x010e48e2
                                      0x010e48e4
                                      0x010e48e4
                                      0x010e48e7
                                      0x010e48e7
                                      0x010e48ed
                                      0x010e48f4
                                      0x010e48f6
                                      0x010e4951
                                      0x010e4951
                                      0x010e4953
                                      0x010e4953
                                      0x010e4956
                                      0x010e4956
                                      0x010e4958
                                      0x010e4959
                                      0x010e4959
                                      0x010e495d
                                      0x010e495d
                                      0x010e495f
                                      0x010e495f
                                      0x010e4965
                                      0x010e4969
                                      0x010e49ba
                                      0x010e49ba
                                      0x010e49c1
                                      0x010e49c5
                                      0x010e49cc
                                      0x010e49d4
                                      0x010e49d7
                                      0x010e49da
                                      0x010e49e4
                                      0x010e49e5
                                      0x010e49f3
                                      0x010e4a02
                                      0x00000000
                                      0x010e4a02
                                      0x010e4972
                                      0x010e4974
                                      0x00000000
                                      0x00000000
                                      0x010e4976
                                      0x010e4979
                                      0x010e4982
                                      0x010e4983
                                      0x010e4984
                                      0x010e498b
                                      0x010e498d
                                      0x010e4991
                                      0x010e4993
                                      0x010e4999
                                      0x010e499d
                                      0x010e49a2
                                      0x010e49a2
                                      0x010e49a2
                                      0x010e4999
                                      0x010e49ac
                                      0x00000000
                                      0x010e49b3
                                      0x010e48f8
                                      0x010e48fe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e48fe
                                      0x010e4895
                                      0x010e489c
                                      0x010e48ad
                                      0x010e48b2
                                      0x010e48b5
                                      0x010e48b7
                                      0x010e48ba
                                      0x010e48bc
                                      0x010e48c6
                                      0x010e48c6
                                      0x010e48cb
                                      0x010e48d1
                                      0x010e48d4
                                      0x010e48d8
                                      0x010e48d8
                                      0x00000000
                                      0x010e48d8
                                      0x010e48be
                                      0x010e48c0
                                      0x00000000
                                      0x00000000
                                      0x010e48c2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e48c4
                                      0x00000000
                                      0x010e4882
                                      0x010e487b
                                      0x010e4904
                                      0x010e4906
                                      0x00000000
                                      0x00000000
                                      0x010e4908
                                      0x010e490e
                                      0x00000000
                                      0x00000000
                                      0x010e4910
                                      0x010e4917
                                      0x010e4917
                                      0x00000000
                                      0x010e4917
                                      0x0108b1ba
                                      0x010e47f9
                                      0x010e47fc
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e47fc
                                      0x0108b1c0
                                      0x0108b1c0
                                      0x0108b1c3
                                      0x0108b1cb
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a3e299856cf21823cc255f01bf53358b86dedda16a3aba8ad9cdc9f76c0b0e33
                                      • Instruction ID: 663b5aa6e0b5d80dc8e1950ac186484f2b1cf03630fe02d30728dd08d68ce21b
                                      • Opcode Fuzzy Hash: a3e299856cf21823cc255f01bf53358b86dedda16a3aba8ad9cdc9f76c0b0e33
                                      • Instruction Fuzzy Hash: C251DD71D0025A8EEF26CF698948BAEBBF1AF04710F1041ADE8D9EB282D7754945CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114B581 Relevance: .2, Instructions: 163COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E0114B581(char __ecx) {
				signed int _v8;
				signed int _v11;
				intOrPtr _v15;
				short _v41;
				char _v47;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v55;
				signed int _v56;
				char _v60;
				intOrPtr _v63;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				signed int _t60;
				char* _t66;
				void* _t67;
				signed int _t87;
				signed int _t88;
				void* _t89;
				signed char _t91;
				intOrPtr* _t98;
				signed int _t107;
				signed int _t108;
				signed int _t114;
				signed int _t115;
				char _t117;
				void* _t120;
				signed int* _t123;
				void* _t124;
				signed int _t128;
				signed int _t129;

				_t131 = (_t129 & 0xfffffff8) - 0x3c;
				_v8 =  *0x117d360 ^ (_t129 & 0xfffffff8) - 0x0000003c;
				_t117 = __ecx;
				_v60 = __ecx;
				_t91 =  *((intOrPtr*)(__ecx + 0x38));
				_t54 =  *(__ecx + 0x34);
				_t87 = _t91 & 1;
				if(_t54 == 0) {
					L17:
					 *(_t117 + 0x34) =  *(_t117 + 0x34) & 0x00000000;
					 *(_t117 + 0x38) =  *(_t117 + 0x38) & 0x00000000;
					if((_t91 & 0x00000001) != 0) {
						 *(_t117 + 0x38) = 1;
					}
					_t118 = _v60;
					_t88 = _v60 + 0xe8;
					while(1) {
						_t122 =  *_t88;
						if( *_t88 == 0) {
							break;
						}
						E01152EF7(_t118 + 0xd8, _t122 ^ _t88);
						E01153209(_t118 + 0xd8, _t122 ^ _t88, 1);
					}
					E0114CB82(_v60 + 0x118);
					E0114FA96();
					E0114FA96();
					_t98 = _v60;
					_v48 =  *((intOrPtr*)(_t98 + 4));
					_t60 =  *((intOrPtr*)(_t98 + 0xd4)) - _t98;
					_v52 =  *_t98;
					_v56 = _t60;
					_push( *((intOrPtr*)(_t98 + 4)));
					_push( *_t98);
					if(( *(_t98 + 0x2c) & 0x00000001) == 0) {
						asm("sbb eax, eax");
						_push((_t60 & 0x01000000) + 0x8000);
						E0114AFDE( &_v60,  &_v56);
					} else {
						E0114BCD2(_t98);
					}
					E0114C23A( &_v55, 0);
					if(E010A7D50() == 0) {
						_t66 = 0x7ffe0388;
					} else {
						_t66 = ( *[fs:0x30])[0x14] + 0x22e;
					}
					if( *_t66 != 0) {
						E0113FDD3(_v63);
					}
					_t67 = E010A7D50();
					_t123 = 0x7ffe0380;
					if(_t67 == 0) {
						_t68 = 0x7ffe0380;
					} else {
						_t68 = ( *[fs:0x30])[0x14] + 0x226;
					}
					if( *_t68 != 0) {
						_t68 =  *[fs:0x30];
						if((( *[fs:0x30])[0x90] & 0x00000001) != 0) {
							if(E010A7D50() != 0) {
								_t123 = ( *[fs:0x30])[0x14] + 0x226;
							}
							_v15 = _v63;
							_v41 = 0x1023;
							_push( &_v47);
							_push(4);
							_push(0x402);
							_push( *_t123 & 0x000000ff);
							_t68 = E010C9AE0();
						}
					}
					_pop(_t120);
					_pop(_t124);
					_pop(_t89);
					return E010CB640(_t68, _t89, _v11 ^ _t131, 0, _t120, _t124);
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t107 =  *_t54;
					if(_t107 != 0) {
						break;
					}
					_t108 =  *(_t54 + 4);
					if(_t108 == 0) {
						_t128 =  *(_t54 + 8) & 0xfffffffc;
						if(_t87 != 0 && _t128 != 0) {
							_t128 = _t128 ^ _t54;
						}
						E0114E962(_t87, _t108, _t54, _t117);
						if(_t128 == 0) {
							_t91 =  *(_t117 + 0x38);
							goto L17;
						} else {
							_t54 = _t128;
							continue;
						}
					}
					_t115 = _t54;
					if(_t87 == 0) {
						_t54 = _t108;
					} else {
						_t54 = _t54 ^ _t108;
					}
					 *(_t115 + 4) =  *(_t115 + 4) & 0x00000000;
				}
				_t114 = _t54;
				if(_t87 == 0) {
					_t54 = _t107;
				} else {
					_t54 = _t54 ^ _t107;
				}
				 *_t114 =  *_t114 & 0x00000000;
				goto L1;
			}




































                                      0x0114b589
                                      0x0114b593
                                      0x0114b59a
                                      0x0114b59c
                                      0x0114b5a0
                                      0x0114b5a3
                                      0x0114b5a9
                                      0x0114b5ae
                                      0x0114b602
                                      0x0114b602
                                      0x0114b606
                                      0x0114b60d
                                      0x0114b60f
                                      0x0114b60f
                                      0x0114b613
                                      0x0114b617
                                      0x0114b61d
                                      0x0114b61d
                                      0x0114b621
                                      0x00000000
                                      0x00000000
                                      0x0114b62d
                                      0x0114b63c
                                      0x0114b63c
                                      0x0114b64d
                                      0x0114b659
                                      0x0114b668
                                      0x0114b66d
                                      0x0114b676
                                      0x0114b680
                                      0x0114b682
                                      0x0114b686
                                      0x0114b68e
                                      0x0114b691
                                      0x0114b693
                                      0x0114b6a7
                                      0x0114b6b3
                                      0x0114b6b4
                                      0x0114b695
                                      0x0114b695
                                      0x0114b695
                                      0x0114b6bf
                                      0x0114b6cb
                                      0x0114b6dd
                                      0x0114b6cd
                                      0x0114b6d6
                                      0x0114b6d6
                                      0x0114b6e5
                                      0x0114b6eb
                                      0x0114b6eb
                                      0x0114b6f0
                                      0x0114b6f5
                                      0x0114b701
                                      0x0114b710
                                      0x0114b703
                                      0x0114b70c
                                      0x0114b70c
                                      0x0114b715
                                      0x0114b717
                                      0x0114b724
                                      0x0114b72d
                                      0x0114b738
                                      0x0114b738
                                      0x0114b740
                                      0x0114b749
                                      0x0114b752
                                      0x0114b753
                                      0x0114b755
                                      0x0114b75d
                                      0x0114b75e
                                      0x0114b75e
                                      0x0114b724
                                      0x0114b767
                                      0x0114b768
                                      0x0114b769
                                      0x0114b774
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0114b5b0
                                      0x0114b5b0
                                      0x0114b5b0
                                      0x0114b5b4
                                      0x00000000
                                      0x00000000
                                      0x0114b5c7
                                      0x0114b5cc
                                      0x0114b5e3
                                      0x0114b5e8
                                      0x0114b5ee
                                      0x0114b5ee
                                      0x0114b5f2
                                      0x0114b5f9
                                      0x0114b5ff
                                      0x00000000
                                      0x0114b5fb
                                      0x0114b5fb
                                      0x00000000
                                      0x0114b5fb
                                      0x0114b5f9
                                      0x0114b5ce
                                      0x0114b5d2
                                      0x0114b5d8
                                      0x0114b5d4
                                      0x0114b5d4
                                      0x0114b5d4
                                      0x0114b5da
                                      0x0114b5da
                                      0x0114b5b6
                                      0x0114b5ba
                                      0x0114b5c0
                                      0x0114b5bc
                                      0x0114b5bc
                                      0x0114b5bc
                                      0x0114b5c2
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46ce628af71c2187f26d0c1bd6efc29931514c4404207f274a89b6b7164e31d4
                                      • Instruction ID: f2c1c003fed2b4f2cf4970ebab2bd426fd95f8cde726ac78d33da55eb98ed1bf
                                      • Opcode Fuzzy Hash: 46ce628af71c2187f26d0c1bd6efc29931514c4404207f274a89b6b7164e31d4
                                      • Instruction Fuzzy Hash: 675103316087428BE31DDF28C554BAABBE4FF50B14F19456DE9858B390EB35E806CBC5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010852A5 Relevance: .2, Instructions: 161COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E010852A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0109EEF0(0x11779a0);
					_t104 =  *0x1178210; // 0xb22d00
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0109EB70(_t93, 0x11779a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E010C9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0109EEF0(0x11779a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0109EB70(0, 0x11779a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xb22d0d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E010BF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0109EEF0(0x11779a0);
									__eflags =  *0x1178210 - _t104; // 0xb22d00
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1178210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01104888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0109EB70(_t95, 0x11779a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010C95D0();
											L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010C95D0();
											L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0109EB70(_t93, 0x11779a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E010C95D0();
										L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E010C95D0();
										L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E010BF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                      0x010852a5
                                      0x010852ad
                                      0x010852b0
                                      0x010852b3
                                      0x010852b7
                                      0x010852ba
                                      0x010852bf
                                      0x010852c4
                                      0x010852cc
                                      0x00000000
                                      0x00000000
                                      0x010852ce
                                      0x010852d9
                                      0x010852dd
                                      0x010852e7
                                      0x010852f7
                                      0x010852f9
                                      0x010852fd
                                      0x010e0dcf
                                      0x010e0dd5
                                      0x010e0dd6
                                      0x010e0dd7
                                      0x010e0dd8
                                      0x010e0dd9
                                      0x010e0dde
                                      0x010e0ddf
                                      0x010e0de0
                                      0x010e0de1
                                      0x010e0de2
                                      0x010e0de5
                                      0x010e0dea
                                      0x010e0dec
                                      0x010e0f60
                                      0x010e0f64
                                      0x010e0f70
                                      0x010e0f76
                                      0x010e0f79
                                      0x010e0f79
                                      0x00000000
                                      0x010e0f64
                                      0x010e0df2
                                      0x010e0df7
                                      0x010e0e04
                                      0x010e0e0d
                                      0x010e0e0d
                                      0x010e0e10
                                      0x010e0e1a
                                      0x010e0e1c
                                      0x010e0e4c
                                      0x010e0e52
                                      0x010e0e61
                                      0x010e0e67
                                      0x010e0e6b
                                      0x010e0e70
                                      0x010e0e76
                                      0x010e0ed7
                                      0x010e0edc
                                      0x010e0ee0
                                      0x010e0ee6
                                      0x010e0eea
                                      0x010e0eed
                                      0x010e0ef0
                                      0x010e0ef3
                                      0x010e0ef6
                                      0x010e0ef9
                                      0x010e0efe
                                      0x010e0f01
                                      0x010e0f01
                                      0x010e0f0b
                                      0x010e0f12
                                      0x010e0f16
                                      0x010e0f18
                                      0x010e0f1b
                                      0x010e0f2c
                                      0x010e0f31
                                      0x010e0f31
                                      0x010e0f35
                                      0x010e0f39
                                      0x010e0f3a
                                      0x010e0f3c
                                      0x010e0f3f
                                      0x010e0f50
                                      0x010e0f55
                                      0x010e0f55
                                      0x010e0f59
                                      0x010852eb
                                      0x010852f1
                                      0x010852f1
                                      0x010e0e7d
                                      0x010e0e84
                                      0x010e0e88
                                      0x010e0e8a
                                      0x010e0e8d
                                      0x010e0e9e
                                      0x010e0ea3
                                      0x010e0ea3
                                      0x010e0ea7
                                      0x010e0eaf
                                      0x010e0eb3
                                      0x010e0eb9
                                      0x010e0eb9
                                      0x010e0ebc
                                      0x010e0ecd
                                      0x010e0ecd
                                      0x00000000
                                      0x010e0eb3
                                      0x010e0e21
                                      0x010e0e2b
                                      0x010e0e2f
                                      0x010e0e30
                                      0x010e0e3a
                                      0x010e0e3f
                                      0x010e0e41
                                      0x00000000
                                      0x00000000
                                      0x010e0e47
                                      0x00000000
                                      0x010e0e47
                                      0x010e0df9
                                      0x010e0dfe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e0dfe
                                      0x01085303
                                      0x01085307
                                      0x00000000
                                      0x01085309
                                      0x00000000
                                      0x01085309
                                      0x01085307
                                      0x010852e9
                                      0x010852e9
                                      0x00000000
                                      0x010852e9
                                      0x0108530e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 966245f256ab6e6e1d14add205dacc60bce824f52471e017b217760d73f50a4f
                                      • Instruction ID: 6a647e73e155a69071b29da0f510950e8e5738c619e552f8581a9be60ccc2fd5
                                      • Opcode Fuzzy Hash: 966245f256ab6e6e1d14add205dacc60bce824f52471e017b217760d73f50a4f
                                      • Instruction Fuzzy Hash: 8551AA31209342DFDB21EF68C845B6BBBE4BF60710F10091EF4D587652EBA1E840CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B2AE4 Relevance: .2, Instructions: 159COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1178204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1178208; // 0x1178207
				_t8 = _t57 + 0x1178208; // 0x1178207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1178450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x117821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1176d5c; // 0x7fef0654
							_t72 =  *0x1176d5c; // 0x7fef0654
							_t75 =  *0x1176d5c; // 0x7fef0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1176d5c; // 0x7fef0654
							_t84 =  *0x1176d5c; // 0x7fef0654
							_t87 =  *0x1176d5c; // 0x7fef0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E010CF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                      0x010b2ae4
                                      0x010b2aec
                                      0x010b2aef
                                      0x010b2af4
                                      0x010b2af7
                                      0x010b2afd
                                      0x010b2b92
                                      0x010b2b92
                                      0x010b2b97
                                      0x010b2b9c
                                      0x010b2b9c
                                      0x010b2b03
                                      0x010b2b06
                                      0x010b2b09
                                      0x010b2b09
                                      0x010b2b0f
                                      0x010b2b15
                                      0x010b2b15
                                      0x010b2b1b
                                      0x010b2b1e
                                      0x010b2b21
                                      0x010b2b26
                                      0x010b2b29
                                      0x010b2b81
                                      0x010b2b84
                                      0x010b2c0e
                                      0x010b2c15
                                      0x010b2c24
                                      0x010b2c24
                                      0x010b2b8a
                                      0x010b2b8a
                                      0x010b2b8a
                                      0x010b2b8a
                                      0x010b2b90
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010b2b4a
                                      0x010b2b4a
                                      0x010b2b4d
                                      0x010b2b53
                                      0x00000000
                                      0x00000000
                                      0x010b2b55
                                      0x010b2b58
                                      0x010b2bb7
                                      0x010f5d1b
                                      0x010f5d37
                                      0x010f5d47
                                      0x010f5d53
                                      0x010b2bbd
                                      0x010b2bbd
                                      0x010b2bbd
                                      0x010b2bb7
                                      0x010b2b5d
                                      0x010b2c2f
                                      0x010f5d5b
                                      0x010f5d77
                                      0x010f5d87
                                      0x010f5d93
                                      0x010b2c35
                                      0x010b2c35
                                      0x010b2c35
                                      0x010b2c2f
                                      0x010b2b65
                                      0x010b2b9f
                                      0x010b2ba2
                                      0x010b2b67
                                      0x010b2b67
                                      0x010b2b69
                                      0x010b2b6b
                                      0x010b2b6e
                                      0x010b2bc9
                                      0x010b2bcc
                                      0x010b2bcf
                                      0x010b2bd4
                                      0x010b2bd6
                                      0x010b2bd6
                                      0x010b2bdb
                                      0x010b2c02
                                      0x010b2c05
                                      0x010b2c07
                                      0x00000000
                                      0x010b2c07
                                      0x010b2be0
                                      0x010b2c00
                                      0x010b2c3f
                                      0x010b2c3f
                                      0x00000000
                                      0x010b2c00
                                      0x010b2be5
                                      0x010b2be7
                                      0x010b2bec
                                      0x010b2bf4
                                      0x010b2bf6
                                      0x00000000
                                      0x010b2bf6
                                      0x010b2b70
                                      0x010b2b76
                                      0x010b2b2b
                                      0x010b2b2b
                                      0x010b2b2d
                                      0x010b2b2f
                                      0x010b2b32
                                      0x010b2b35
                                      0x010b2b3a
                                      0x00000000
                                      0x010b2b40
                                      0x010b2b43
                                      0x010b2b45
                                      0x010b2b47
                                      0x010b2b4a
                                      0x010b2b4d
                                      0x010b2b53
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010b2b53
                                      0x010b2b78
                                      0x010b2b78
                                      0x010b2b7b
                                      0x010b2b7e
                                      0x00000000
                                      0x010b2b7e
                                      0x010b2b76
                                      0x010b2ba5
                                      0x010b2ba5
                                      0x010b2ba8
                                      0x010b2bad
                                      0x00000000
                                      0x00000000
                                      0x010b2baf
                                      0x010b2baf
                                      0x010b2bc2
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a138f96a0cdc288238c12464a6d8652a16050a049922b7d788a056a03a4da050
                                      • Instruction ID: 672abe41df1828c466785d083949f0e6d35e786bdda92efaad9c79d318cc48c7
                                      • Opcode Fuzzy Hash: a138f96a0cdc288238c12464a6d8652a16050a049922b7d788a056a03a4da050
                                      • Instruction Fuzzy Hash: 4451AF76A00115CFCB18CF1CC8D09FDB7B1FB88700719855AE8969B355DB34BA91CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B3C3E Relevance: .2, Instructions: 153COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E010B3C3E(void* __ecx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				void* _v52;
				void* __ebx;
				signed char _t59;
				intOrPtr _t65;
				signed int _t67;
				void* _t75;
				signed char* _t78;
				intOrPtr _t79;
				signed int _t91;
				signed int _t104;
				void* _t127;
				signed int _t134;
				void* _t136;

				_t136 = (_t134 & 0xfffffff8) - 0x14;
				_t127 = __ecx;
				_v20 = 0;
				E010B4E70(0x11786d0, 0x10b5330, 0, 0);
				if(E010B3FCD( &_v24) < 0 ||  *((intOrPtr*)(_t136 + 0x1c)) > 0xa) {
					_t59 = _v20;
				} else {
					_t59 = 3;
					_v20 = _t59;
				}
				_v20 = E010B3F33(_t127, _t59);
				_v28 = 0;
				_push(E010B0678(_t127, 1));
				_push(0x2000);
				_push( &_v20);
				_push(0);
				_push( &_v28);
				_push(0xffffffff);
				if(E010C9660() < 0) {
					L16:
					_t65 = 0;
					goto L13;
				} else {
					if((_v20 & 0x00000001) != 0) {
						_t67 = 1;
					} else {
						_t67 =  *0x1176240; // 0x4
					}
					_t104 = _t67 * 0x18;
					_t12 = _t104 + 0x7d0; // 0x7d1
					 *((intOrPtr*)(_t136 + 0x18)) = _t12;
					_push(E010B0678(_t127, 1));
					_push(0x1000);
					_push(_t136 + 0x20);
					_push(0);
					_push( &_v24);
					_push(0xffffffff);
					if(E010C9660() < 0) {
						 *((intOrPtr*)(_t136 + 0x18)) = 0;
						E010B174B( &_v24, _t136 + 0x18, 0x8000);
						goto L16;
					} else {
						_t75 = E010A7D50();
						_t132 = 0x7ffe0380;
						if(_t75 != 0) {
							_t78 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t78 = 0x7ffe0380;
						}
						if( *_t78 != 0) {
							_t79 =  *[fs:0x30];
							__eflags =  *(_t79 + 0x240) & 0x00000001;
							if(( *(_t79 + 0x240) & 0x00000001) == 0) {
								goto L10;
							}
							__eflags = E010A7D50();
							if(__eflags != 0) {
								_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							}
							E01141582(_t104, _t127, _v24, __eflags,  *((intOrPtr*)(_t136 + 0x20)),  *(_t127 + 0x74) << 3,  *_t132 & 0x000000ff);
							E0114138A(_t104, _t127, _v36, _v24, 9);
							goto L10;
						} else {
							L10:
							E010B3EA8(_t127, _v24, _v20);
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e4)) + _v20;
							 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + 0x1e8)) +  *((intOrPtr*)(_t136 + 0x18));
							 *((intOrPtr*)(_v28 + 0x18)) = _v20 + _v28;
							 *((intOrPtr*)(_v28 + 0x14)) =  *((intOrPtr*)(_t136 + 0x18)) + _v28;
							_t35 = _v28 + 0x7d0; // 0x7d0
							 *((intOrPtr*)(_v28 + 0x10)) = _t35 + _t104;
							_t91 =  *0x11784b4; // 0x0
							if((_t91 & 0x00000003) == 0) {
								 *0x11784b4 = _t91 | 0x00000001;
								E010B1129();
							}
							 *(_v24 + 0x1b8) = _v20;
							_t65 = _v24;
							L13:
							return _t65;
						}
					}
				}
			}























                                      0x010b3c46
                                      0x010b3c4e
                                      0x010b3c5c
                                      0x010b3c60
                                      0x010b3c70
                                      0x010b3c7d
                                      0x010f62a2
                                      0x010f62a4
                                      0x010f62a5
                                      0x010f62a5
                                      0x010b3c8b
                                      0x010b3c90
                                      0x010b3c99
                                      0x010b3c9a
                                      0x010b3ca3
                                      0x010b3ca4
                                      0x010b3ca9
                                      0x010b3caa
                                      0x010b3cb3
                                      0x010f62c5
                                      0x010f62c5
                                      0x00000000
                                      0x010b3cb9
                                      0x010b3cbe
                                      0x010f62ce
                                      0x010b3cc4
                                      0x010b3cc4
                                      0x010b3cc4
                                      0x010b3cc9
                                      0x010b3cd1
                                      0x010b3cd7
                                      0x010b3ce0
                                      0x010b3ce1
                                      0x010b3cea
                                      0x010b3ceb
                                      0x010b3cf0
                                      0x010b3cf1
                                      0x010b3cfa
                                      0x010f62b7
                                      0x010f62c0
                                      0x00000000
                                      0x010b3d00
                                      0x010b3d00
                                      0x010b3d05
                                      0x010b3d0c
                                      0x010f62dd
                                      0x010b3d12
                                      0x010b3d12
                                      0x010b3d12
                                      0x010b3d17
                                      0x010f62e7
                                      0x010f62ed
                                      0x010f62f4
                                      0x00000000
                                      0x00000000
                                      0x010f62ff
                                      0x010f6301
                                      0x010f630c
                                      0x010f630c
                                      0x010f630c
                                      0x010f6327
                                      0x010f6338
                                      0x00000000
                                      0x010b3d1d
                                      0x010b3d1d
                                      0x010b3d27
                                      0x010b3d37
                                      0x010b3d48
                                      0x010b3d58
                                      0x010b3d65
                                      0x010b3d6c
                                      0x010b3d74
                                      0x010b3d77
                                      0x010b3d7e
                                      0x010b3d83
                                      0x010b3d88
                                      0x010b3d88
                                      0x010b3d95
                                      0x010b3d9b
                                      0x010b3d9f
                                      0x010b3da5
                                      0x010b3da5
                                      0x010b3d17
                                      0x010b3cfa

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1cf44162b05c3bf378046c69cd78b2d1d42849546a97b0005c9f5800b4f5b4df
                                      • Instruction ID: 03bdaeb57893da05b87ba223a7f4fcb2e4d60232f76f2ad72ef903fe4d8a96c6
                                      • Opcode Fuzzy Hash: 1cf44162b05c3bf378046c69cd78b2d1d42849546a97b0005c9f5800b4f5b4df
                                      • Instruction Fuzzy Hash: FC518F71608341AFC740DF69D884AAABBE8FF88214F14496DF9D9CB281D771E905CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010ADBE9 Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E010ADBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0108CC50(E01084510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E010A7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01158ED6(_t102, _t98);
						}
						_t76 = _v44;
						E010A2280(_t58, _v44);
						E010ADD82(_v44, _t102, _t98);
						E010AB944(_t102, _v5);
						return E0109FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1178628; // 0x0
							_v28 = _t67;
							_t68 =  *0x117862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1178628; // 0x0
						_t105 = _v28;
						_t80 =  *0x117862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x114fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                      0x010adbe9
                                      0x010adbf2
                                      0x010adbf7
                                      0x010adbf9
                                      0x010adbfc
                                      0x010adc00
                                      0x010adc03
                                      0x010adc14
                                      0x010add54
                                      0x010add54
                                      0x010add54
                                      0x010adc18
                                      0x010adc1d
                                      0x010adc1d
                                      0x010adc32
                                      0x010adc3b
                                      0x010adc3e
                                      0x010adc46
                                      0x010add5b
                                      0x010add62
                                      0x010add64
                                      0x010add67
                                      0x010add69
                                      0x010add6b
                                      0x010add6e
                                      0x010add70
                                      0x010add73
                                      0x010add73
                                      0x00000000
                                      0x010adc4c
                                      0x010adc4e
                                      0x010f3ae3
                                      0x010f3ae8
                                      0x010f3aea
                                      0x010adce7
                                      0x010adce9
                                      0x010adcec
                                      0x010adcee
                                      0x010adcf0
                                      0x010adcf3
                                      0x010adcf5
                                      0x010f3af2
                                      0x010f3af5
                                      0x010f3af5
                                      0x010add06
                                      0x010add08
                                      0x010add0b
                                      0x010add12
                                      0x010f3b08
                                      0x010add18
                                      0x010add18
                                      0x010add18
                                      0x010add20
                                      0x010add23
                                      0x010f3b16
                                      0x010f3b16
                                      0x010add29
                                      0x010add2d
                                      0x010add36
                                      0x010add40
                                      0x010add51
                                      0x010add51
                                      0x010adc54
                                      0x010adc59
                                      0x010adc59
                                      0x010adc5e
                                      0x010adc5e
                                      0x010adc63
                                      0x010adc66
                                      0x010adc6b
                                      0x010adc78
                                      0x010adc7b
                                      0x010adc81
                                      0x010adc81
                                      0x010adc83
                                      0x010adc89
                                      0x00000000
                                      0x00000000
                                      0x010add7b
                                      0x010add7b
                                      0x010adc8f
                                      0x010adc8f
                                      0x010adc92
                                      0x010adc99
                                      0x010adc9f
                                      0x010adca5
                                      0x010adcaa
                                      0x010adcaa
                                      0x010adcb3
                                      0x010adcb8
                                      0x010adcbb
                                      0x010adcc1
                                      0x010adccf
                                      0x010adcd2
                                      0x010adcd5
                                      0x010adcd7
                                      0x010adcda
                                      0x010adcdc
                                      0x010adcdc
                                      0x010adce2
                                      0x010adce4
                                      0x00000000
                                      0x010adce4

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2f5676addf1632e918a42898609921a2b0b1f05e3ffff34ab936f5408dc38011
                                      • Instruction ID: 7448b6dfb5c2081da45606dce38a67e6b9ac6cb4c2ab03eb3755e5e755358e02
                                      • Opcode Fuzzy Hash: 2f5676addf1632e918a42898609921a2b0b1f05e3ffff34ab936f5408dc38011
                                      • Instruction Fuzzy Hash: 5151A171A0161ADFCB14DFE8C490A9EFBF1BF48310F6481AAD595EB745DB30A944CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109EF40 Relevance: .1, Instructions: 147COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E0109EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E01089080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7788c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E01082D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                      0x0109ef4b
                                      0x0109ef4d
                                      0x0109ef57
                                      0x0109f0bd
                                      0x0109f0c2
                                      0x0109f0d2
                                      0x0109f0d2
                                      0x0109f0c2
                                      0x0109ef5d
                                      0x0109ef5f
                                      0x0109ef67
                                      0x0109ef6a
                                      0x0109ef6d
                                      0x0109ef74
                                      0x0109ef7f
                                      0x0109ef82
                                      0x0109ef82
                                      0x0109ef86
                                      0x0109ef88
                                      0x0109ef8c
                                      0x0109ef8f
                                      0x0109ef8f
                                      0x0109ef8f
                                      0x00000000
                                      0x0109ef91
                                      0x0109ef93
                                      0x0109efc4
                                      0x0109efc4
                                      0x0109efc4
                                      0x0109efca
                                      0x0109efd0
                                      0x0109f0a6
                                      0x00000000
                                      0x00000000
                                      0x0109f0af
                                      0x010ebb06
                                      0x010ebb0a
                                      0x0109f0b5
                                      0x0109f0b5
                                      0x0109f0b5
                                      0x0109f0b5
                                      0x00000000
                                      0x0109efd6
                                      0x0109efd9
                                      0x0109f0de
                                      0x0109f0e2
                                      0x0109efdf
                                      0x0109efdf
                                      0x0109efdf
                                      0x0109efe5
                                      0x010ebafc
                                      0x010ebafc
                                      0x0109efe5
                                      0x0109efeb
                                      0x0109efed
                                      0x0109f00f
                                      0x0109f011
                                      0x0109f01a
                                      0x0109f01d
                                      0x0109f021
                                      0x0109f028
                                      0x0109f029
                                      0x0109f029
                                      0x0109f02c
                                      0x00000000
                                      0x0109f02c
                                      0x0109eff3
                                      0x0109eff9
                                      0x0109f0ea
                                      0x0109f0ed
                                      0x0109f0ef
                                      0x00000000
                                      0x0109f0ef
                                      0x0109f003
                                      0x010ebb12
                                      0x0109f045
                                      0x0109f049
                                      0x0109f051
                                      0x0109f09e
                                      0x0109f0a0
                                      0x0109f0a0
                                      0x0109f09e
                                      0x0109f053
                                      0x0109f064
                                      0x0109f064
                                      0x0109f06b
                                      0x010ebb1a
                                      0x010ebb1a
                                      0x0109f071
                                      0x0109f071
                                      0x0109f07d
                                      0x0109f082
                                      0x0109f08f
                                      0x0109f08f
                                      0x0109f009
                                      0x0109f00d
                                      0x00000000
                                      0x0109f00d
                                      0x0109efd0
                                      0x0109ef97
                                      0x0109efa5
                                      0x0109efaa
                                      0x00000000
                                      0x0109efac
                                      0x0109efac
                                      0x0109efac
                                      0x00000000
                                      0x0109efb2
                                      0x0109f036
                                      0x0109f03a
                                      0x0109f040
                                      0x0109f090
                                      0x00000000
                                      0x0109f092
                                      0x0109f042
                                      0x00000000
                                      0x0109f042
                                      0x0109efb7
                                      0x0109efb9
                                      0x0109efbc
                                      0x0109efb0
                                      0x0109efb0
                                      0x00000000
                                      0x0109efbe
                                      0x0109efbe
                                      0x0109efc1
                                      0x00000000
                                      0x0109efc1
                                      0x0109efbc
                                      0x0109efaa
                                      0x0109ef91

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                      • Instruction ID: fd01bb0daec7db8c2bd0db72bbf0658f0618bf902a3c6963a0579f3cc3d5714a
                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                      • Instruction Fuzzy Hash: A251E330A0424ADFEF61CB69C0B47AEBFF1AF45314F1881E9E5C597282C375A989E741
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0115740D Relevance: .1, Instructions: 141COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 84%
                                      			E0115740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E010DD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E010CF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = E010A4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = E010A4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E010CF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = E010A4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                      0x0115740d
                                      0x0115740d
                                      0x01157412
                                      0x01157413
                                      0x01157416
                                      0x01157418
                                      0x0115741c
                                      0x0115741f
                                      0x01157422
                                      0x01157422
                                      0x01157428
                                      0x0115742a
                                      0x0115742a
                                      0x01157451
                                      0x01157432
                                      0x0115744f
                                      0x0115744f
                                      0x00000000
                                      0x01157434
                                      0x01157438
                                      0x01157443
                                      0x01157517
                                      0x01157517
                                      0x0115751a
                                      0x01157535
                                      0x01157520
                                      0x01157527
                                      0x0115752c
                                      0x01157531
                                      0x01157533
                                      0x00000000
                                      0x01157533
                                      0x00000000
                                      0x01157531
                                      0x0115754b
                                      0x0115754f
                                      0x0115755c
                                      0x0115755c
                                      0x0115755f
                                      0x01157560
                                      0x01157561
                                      0x01157562
                                      0x01157563
                                      0x01157568
                                      0x0115756a
                                      0x0115756c
                                      0x0115756d
                                      0x0115756d
                                      0x0115756f
                                      0x01157572
                                      0x01157574
                                      0x01157577
                                      0x0115757c
                                      0x0115757f
                                      0x00000000
                                      0x01157551
                                      0x01157551
                                      0x01157551
                                      0x01157553
                                      0x01157553
                                      0x01157449
                                      0x01157449
                                      0x0115744c
                                      0x0115744c
                                      0x00000000
                                      0x0115744c
                                      0x01157443
                                      0x0115750e
                                      0x01157514
                                      0x01157514
                                      0x01157455
                                      0x01157469
                                      0x0115746d
                                      0x00000000
                                      0x01157473
                                      0x01157473
                                      0x01157476
                                      0x01157480
                                      0x01157484
                                      0x0115748e
                                      0x01157493
                                      0x01157493
                                      0x01157496
                                      0x01157499
                                      0x011574a1
                                      0x011574b1
                                      0x011574b5
                                      0x00000000
                                      0x011574bb
                                      0x011574c1
                                      0x011574c1
                                      0x011574c4
                                      0x011574c5
                                      0x011574c6
                                      0x011574c7
                                      0x011574c8
                                      0x011574cd
                                      0x00000000
                                      0x011574d3
                                      0x011574d3
                                      0x011574d6
                                      0x011574d8
                                      0x011574db
                                      0x011574dd
                                      0x011574e0
                                      0x011574e7
                                      0x011574ee
                                      0x011574ee
                                      0x011574f4
                                      0x011574f9
                                      0x00000000
                                      0x011574fb
                                      0x011574fb
                                      0x011574fd
                                      0x01157500
                                      0x01157503
                                      0x01157505
                                      0x01157505
                                      0x011574f9
                                      0x00000000
                                      0x011574cd
                                      0x011574b5
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                      • Instruction ID: 333e343642fe668038c9e3e3a3614bd1345f65a1a63a9c5442b14db7868aa695
                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                      • Instruction Fuzzy Hash: A451AD71600646EFDB5ACF58C481A96BBB5FF44308F55C0AAE908DF252E371E946CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C4D51 Relevance: .1, Instructions: 139COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E010C4D51(intOrPtr* __ecx, intOrPtr* __edx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				signed int _v20;
				signed int* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __ebx;
				signed int* _t57;
				signed int _t63;
				intOrPtr _t68;
				char* _t72;
				signed int _t80;
				signed int _t89;
				signed int _t91;
				intOrPtr* _t97;
				intOrPtr _t99;
				signed int _t100;
				signed int _t101;
				signed int _t105;
				void* _t107;
				intOrPtr* _t108;
				signed int _t113;

				_t97 = __ecx;
				_v16 = __edx;
				_v12 = __ecx;
				if( *__ecx != __edx) {
					asm("sbb eax, eax");
					_t105 = 0;
					_v8 = 0;
					_t80 = 0;
					_t4 = _t97 + 0x10; // 0x10
					_t57 = _t4;
					_v24 = _t57;
					while(1) {
						_t113 =  *_t57;
						_v20 = _t113;
						if((_t113 >> 0x00000010 & 0x00008000) != 0) {
							goto L23;
						}
						if(_t113 == 0) {
							L20:
							goto L2;
						}
						asm("lock cmpxchg [edx], ecx");
						_t97 = _v12;
						if(_t113 != _t113) {
							goto L23;
						}
						L7:
						if(_t113 == 0xffffffff) {
							goto L20;
						}
						if(_t113 == 0) {
							L19:
							 *_v24 = _t113;
							goto L20;
						}
						_t63 =  *_t97 + 0x50;
						_v28 =  ~( *(_t97 + 0x18) & 0x0000ffff);
						_v8 = _t63;
						do {
							_t107 =  *_t63;
							_t99 =  *((intOrPtr*)(_t63 + 4));
							_v32 = _t99;
							asm("lock cmpxchg8b [esi]");
							_t63 = _v8;
						} while (_t107 != _t107 || _t99 != _v32);
						_t113 = _v20;
						_t100 =  *(_v12 + 0x18) & 0x0000ffff;
						_v8 = _t100;
						_t108 = _v16 + 0x50;
						do {
							_t68 =  *_t108;
							_t89 =  *(_t108 + 4);
							_v32 = _t68;
							_v28 = _t89;
							_t31 = _t89 + 1; // 0x1
							_t101 = _t31;
							if(_t100 == 0) {
								_t40 = _t89 - 1; // -1
								_t101 = _t40;
							}
							_v20 = _t101;
							asm("lock cmpxchg8b [edi]");
							_t91 = _t89;
							_t100 = _v8;
						} while (_t68 != _v32 || _t91 != _v28);
						_t84 = _v12;
						 *_v12 = _v16;
						_t105 = 1;
						if(E010A7D50() != 0) {
							_t72 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t72 = 0x7ffe0380;
						}
						if( *_t72 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
								E0114129A(_t84,  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0xc)) + 0xc)),  *((intOrPtr*)(_t84 + 4)), ( *( *[fs:0x18] + 0xfa8) & 0x0000ffff) - 1);
							}
						}
						goto L19;
						L23:
						_t80 = _t80 + 1;
						if(_t80 <= _v8) {
							_t41 = _t97 + 0x10; // 0x10
							_t57 = _t41;
							continue;
						}
						_t113 = _t113 | 0xffffffff;
						_v20 = _t113;
						goto L7;
					}
				} else {
					_t105 = 1;
					L2:
					return _t105;
				}
			}


























                                      0x010c4d5b
                                      0x010c4d5e
                                      0x010c4d61
                                      0x010c4d66
                                      0x010c4d7d
                                      0x010c4d82
                                      0x010c4d84
                                      0x010c4d87
                                      0x010c4d89
                                      0x010c4d89
                                      0x010c4d8d
                                      0x010c4d90
                                      0x010c4d90
                                      0x010c4d97
                                      0x010c4d9f
                                      0x00000000
                                      0x00000000
                                      0x010c4da8
                                      0x010c4e82
                                      0x00000000
                                      0x010c4e83
                                      0x010c4dbb
                                      0x010c4dbf
                                      0x010c4dc4
                                      0x00000000
                                      0x00000000
                                      0x010c4dca
                                      0x010c4dcd
                                      0x00000000
                                      0x00000000
                                      0x010c4dd5
                                      0x010c4e7d
                                      0x010c4e80
                                      0x00000000
                                      0x010c4e80
                                      0x010c4de3
                                      0x010c4de6
                                      0x010c4de9
                                      0x010c4dec
                                      0x010c4dec
                                      0x010c4dee
                                      0x010c4df3
                                      0x010c4dff
                                      0x010c4e08
                                      0x010c4e08
                                      0x010c4e15
                                      0x010c4e18
                                      0x010c4e22
                                      0x010c4e25
                                      0x010c4e27
                                      0x010c4e27
                                      0x010c4e2b
                                      0x010c4e2e
                                      0x010c4e31
                                      0x010c4e37
                                      0x010c4e37
                                      0x010c4e3a
                                      0x010c4e89
                                      0x010c4e89
                                      0x010c4e89
                                      0x010c4e3c
                                      0x010c4e44
                                      0x010c4e48
                                      0x010c4e4a
                                      0x010c4e4d
                                      0x010c4e57
                                      0x010c4e5d
                                      0x010c4e61
                                      0x010c4e69
                                      0x010ff2a8
                                      0x010c4e6f
                                      0x010c4e6f
                                      0x010c4e6f
                                      0x010c4e77
                                      0x010ff2bf
                                      0x010ff2e2
                                      0x010ff2e2
                                      0x010ff2bf
                                      0x00000000
                                      0x010ff28e
                                      0x010ff28e
                                      0x010ff292
                                      0x010ff286
                                      0x010ff286
                                      0x00000000
                                      0x010ff286
                                      0x010ff294
                                      0x010ff297
                                      0x00000000
                                      0x010ff297
                                      0x010c4d68
                                      0x010c4d6a
                                      0x010c4d6b
                                      0x010c4d71
                                      0x010c4d71

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
                                      • Instruction ID: 3e1564d7a754417e812c9f8361f870cc2884cf354df3ad22167459e7f832a3c8
                                      • Opcode Fuzzy Hash: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
                                      • Instruction Fuzzy Hash: 9E515636A00215CFCB55DF88C490AADB7F1BF88B10F2581A9D995EB251D730AE81CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B2990 Relevance: .1, Instructions: 133COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E010B2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x115ff00);
				E010DD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1061664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E010CE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1061668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E011051BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x106166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E010B2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01096600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E010B2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0109EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E010B2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E010B2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E010B2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E010DD0D1(_t62);
				goto L28;
			}





















                                      0x010b2990
                                      0x010b2992
                                      0x010b2997
                                      0x010b29a3
                                      0x010b29a6
                                      0x010b29ab
                                      0x010b29ad
                                      0x010b29b2
                                      0x010f5c80
                                      0x010b29b8
                                      0x010b29b8
                                      0x010b29bb
                                      0x010b29c0
                                      0x010b29c5
                                      0x010b29c6
                                      0x010b29c6
                                      0x010b29cb
                                      0x00000000
                                      0x00000000
                                      0x010b29cd
                                      0x010b29d0
                                      0x010b29d9
                                      0x010b29db
                                      0x010b29dd
                                      0x010b2a7f
                                      0x010b2a84
                                      0x010b2a87
                                      0x010b2a89
                                      0x010f5ca1
                                      0x010f5ca3
                                      0x00000000
                                      0x010b2a8f
                                      0x010b2a8f
                                      0x00000000
                                      0x010b2a8f
                                      0x00000000
                                      0x010b29e3
                                      0x010b29e3
                                      0x010b29e3
                                      0x00000000
                                      0x010b29e3
                                      0x010b29dd
                                      0x00000000
                                      0x010b29db
                                      0x010b29e6
                                      0x010b29e9
                                      0x010b29eb
                                      0x010b29ed
                                      0x010b29f3
                                      0x010b29f5
                                      0x010b29f8
                                      0x010b29fa
                                      0x010b2a97
                                      0x010b2a9a
                                      0x010b2a9d
                                      0x010b2add
                                      0x00000000
                                      0x010b2a9f
                                      0x010b2aa2
                                      0x010b2aa5
                                      0x010b2aa8
                                      0x010b2aab
                                      0x010f5cab
                                      0x010f5caf
                                      0x010f5cc5
                                      0x010f5cda
                                      0x010f5cdc
                                      0x010f5cdf
                                      0x010f5ce5
                                      0x00000000
                                      0x010f5ceb
                                      0x010f5ced
                                      0x010f5cee
                                      0x00000000
                                      0x010f5cee
                                      0x010f5cb1
                                      0x010f5cb4
                                      0x010f5cb9
                                      0x010f5cbb
                                      0x00000000
                                      0x010f5cbd
                                      0x010f5cbd
                                      0x00000000
                                      0x010f5cbd
                                      0x010f5cbb
                                      0x010b2ab1
                                      0x010b2ab1
                                      0x010b2ac4
                                      0x010b2ac6
                                      0x010b2ac6
                                      0x00000000
                                      0x010b2ac6
                                      0x010b2aab
                                      0x00000000
                                      0x010b2a00
                                      0x010b2a09
                                      0x010b2a0e
                                      0x010b2a21
                                      0x010b2a24
                                      0x010b2a35
                                      0x010b2a3a
                                      0x010b2a3d
                                      0x010b2a42
                                      0x010b2a59
                                      0x010b2a59
                                      0x010b2a5c
                                      0x010b2a5f
                                      0x010b2a5f
                                      0x010b29fa
                                      0x010b29f3
                                      0x010b2a64
                                      0x010b2a64
                                      0x010b2a6b
                                      0x010b2a6b
                                      0x010b2a6d
                                      0x010b2a72
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca1fa5289621fa161777ad1bbe440fcb72bc42eaf0561b8d8d504466c0a138aa
                                      • Instruction ID: 82d39199c7c63587c12f4f5df61d054030fda37cbaf7508e513cc7b2b017d132
                                      • Opcode Fuzzy Hash: ca1fa5289621fa161777ad1bbe440fcb72bc42eaf0561b8d8d504466c0a138aa
                                      • Instruction Fuzzy Hash: 4A51893190020ADFDF26DF99C880ADEBBB5FF58350F158159E995AB260C335AD52CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01085050 Relevance: .1, Instructions: 133COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E01085050(void* _a4) {
				char _v24;
				signed int _v28;
				void* _v30;
				intOrPtr _v32;
				void* _v44;
				void* _v46;
				void* _v48;
				void* _v52;
				void* _v60;
				void* _v72;
				intOrPtr _t34;
				short _t36;
				signed int _t38;
				signed short _t41;
				signed int _t51;
				short _t60;
				intOrPtr _t68;
				intOrPtr _t73;
				signed int _t77;
				short _t78;
				short _t79;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;

				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *((intOrPtr*)(_t34 + 0x18));
				_t73 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 =  *((intOrPtr*)(_t34 + 0x18));
				if(E0108519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				_t62 = _a4;
				if(E010A74C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t77 =  *(_t73 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = E010A4620(_t62, _t58, 0, _t77);
						_v28 = _t38;
						if(_t38 == 0) {
							break;
						}
						 *((short*)(_t83 + 0x18)) = 0;
						if(_t77 > 0xffff) {
							 *(_t83 + 0x1a) = 0xffff;
							L25:
							_t78 = 0xc0000095;
							L26:
							L010A77F0(_t58, 0, _t38);
							_t36 = _t78;
							goto L14;
						}
						 *(_t83 + 0x1a) = _t77;
						_t79 = E010A6E30(_a4, _t77, _t38, 0, 0, _t83 + 0x20);
						if(_t79 == 0) {
							_t78 = 0xc0000033;
							L23:
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L26;
						}
						_t41 =  *(_t83 + 0x1a);
						_t62 = (_t41 & 0x0000ffff) - 4;
						if(_t79 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 =  *(_t83 + 0x1a);
								goto L7;
							}
							L010A77F0(_t58, 0,  *((intOrPtr*)(_t83 + 0x1c)));
							_t77 = _t79 + 4;
							continue;
						}
						L7:
						_t71 = _t41 & 0x0000ffff;
						if(_t79 > (_t41 & 0x0000ffff)) {
							_t78 = 0xc0000106;
							goto L23;
						}
						_t91 = _t79 - 0xffff;
						if(_t79 > 0xffff) {
							 *((short*)(_t83 + 0x18)) = 0xffff;
							_t38 =  *((intOrPtr*)(_t83 + 0x1c));
							goto L25;
						}
						 *((short*)(_t83 + 0x18)) = _t79;
						_t60 = E010BF0BF(_t83 + 0x1c, _t71, _t91,  &_v24);
						L010A77F0(_v32, 0,  *((intOrPtr*)(_t83 + 0x1c)));
						if(_t60 >= 0) {
							E0109EEF0(0x11779a0);
							_t68 = _v28;
							_t80 =  *0x1178210; // 0xb22d00
							 *((intOrPtr*)(_t73 + 0x2c)) =  *((intOrPtr*)(_t68 + 4));
							 *((intOrPtr*)(_t73 + 0x28)) =  *((intOrPtr*)(_t68 + 0x10));
							 *((short*)(_t73 + 0x24)) =  *((intOrPtr*)(_t68 + 0xc));
							 *0x1178210 = _t68;
							_t51 = E0109EB70(_t68, 0x11779a0);
							if(_t80 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t80 + 4)));
									E010C95D0();
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t80);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}



























                                      0x01085058
                                      0x0108505b
                                      0x01085066
                                      0x0108506a
                                      0x0108506d
                                      0x01085078
                                      0x0108519a
                                      0x01085191
                                      0x01085197
                                      0x01085197
                                      0x0108507e
                                      0x01085088
                                      0x010e0c21
                                      0x0108508e
                                      0x0108508e
                                      0x01085092
                                      0x01085096
                                      0x0108509b
                                      0x010850a1
                                      0x00000000
                                      0x00000000
                                      0x010850ae
                                      0x010850b5
                                      0x010e0c72
                                      0x010e0c77
                                      0x010e0c77
                                      0x010e0c7c
                                      0x010e0c80
                                      0x010e0c85
                                      0x00000000
                                      0x010e0c85
                                      0x010850bf
                                      0x010850d4
                                      0x010850d8
                                      0x010e0c67
                                      0x010e0c6c
                                      0x010e0c6c
                                      0x00000000
                                      0x010e0c6c
                                      0x010850de
                                      0x010850e6
                                      0x010850eb
                                      0x010e0c31
                                      0x010e0c35
                                      0x010e0c4b
                                      0x00000000
                                      0x010e0c4b
                                      0x010e0c3e
                                      0x010e0c43
                                      0x00000000
                                      0x010e0c43
                                      0x010850f1
                                      0x010850f1
                                      0x010850f6
                                      0x010e0c55
                                      0x00000000
                                      0x010e0c55
                                      0x01085101
                                      0x01085103
                                      0x010e0c5c
                                      0x010e0c61
                                      0x00000000
                                      0x010e0c61
                                      0x0108510d
                                      0x01085120
                                      0x01085128
                                      0x0108512f
                                      0x01085136
                                      0x0108513b
                                      0x0108513f
                                      0x0108514d
                                      0x01085153
                                      0x0108515a
                                      0x0108515e
                                      0x01085164
                                      0x0108516b
                                      0x01085170
                                      0x01085174
                                      0x01085176
                                      0x01085179
                                      0x0108518a
                                      0x0108518a
                                      0x01085174
                                      0x0108516b
                                      0x0108518f
                                      0x00000000
                                      0x0108518f
                                      0x010e0c8c
                                      0x010e0c8c

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2bbd5ecdb05f1843c9b2602470c2cd7bb9311b4ee0420e40bf8f4833da0a0194
                                      • Instruction ID: 190df78e094a176849451b1285af8fa8459f0795ae1e61ec7f092c4fdcffa25c
                                      • Opcode Fuzzy Hash: 2bbd5ecdb05f1843c9b2602470c2cd7bb9311b4ee0420e40bf8f4833da0a0194
                                      • Instruction Fuzzy Hash: DC41CE366083029FC720EF29CC80BAABBE4AF54750F114929F9D59B391E7A1DC51C7D5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B4BAD Relevance: .1, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E010B4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x117d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0108CC50(_t86);
					L11:
					return E010CB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1178504
				E010A2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E010CFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E010CB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = E010A4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0108CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1178504
								E0109FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E010B4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                      0x010b4bad
                                      0x010b4bbf
                                      0x010b4bc2
                                      0x010b4bc6
                                      0x010b4bcd
                                      0x010b4bd9
                                      0x010f67fe
                                      0x010f6800
                                      0x010b4ccc
                                      0x010b4ccd
                                      0x010b4cb7
                                      0x010b4cc9
                                      0x010b4cc9
                                      0x010b4bdf
                                      0x010b4be5
                                      0x00000000
                                      0x00000000
                                      0x010b4beb
                                      0x010b4bef
                                      0x00000000
                                      0x00000000
                                      0x010b4bf5
                                      0x010b4bf9
                                      0x010b4c06
                                      0x010b4c0b
                                      0x010b4c17
                                      0x010b4c1c
                                      0x010b4c1f
                                      0x010b4c25
                                      0x010b4c33
                                      0x010b4c3d
                                      0x010b4c40
                                      0x010b4c43
                                      0x010b4c47
                                      0x010b4c4d
                                      0x010b4c53
                                      0x010b4c54
                                      0x010b4c55
                                      0x010b4c56
                                      0x010b4c5b
                                      0x010b4c5c
                                      0x010b4c63
                                      0x010b4c6b
                                      0x00000000
                                      0x00000000
                                      0x010f6776
                                      0x010f6784
                                      0x010f6784
                                      0x010f679f
                                      0x010f67a7
                                      0x010f67af
                                      0x010f67ce
                                      0x00000000
                                      0x010f67b1
                                      0x010f67b7
                                      0x010f67b8
                                      0x010f67c1
                                      0x010f67d3
                                      0x010f67d9
                                      0x010f67dd
                                      0x010b4c94
                                      0x010b4c94
                                      0x010b4c98
                                      0x010b4c9c
                                      0x010b4ca3
                                      0x010f67f4
                                      0x010f67f4
                                      0x010b4cb5
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010b4cb5
                                      0x010b4c79
                                      0x010b4c7e
                                      0x010b4c89
                                      0x010b4c8b
                                      0x010b4c8f
                                      0x010b4c8f
                                      0x00000000
                                      0x010b4c89
                                      0x010f67c3
                                      0x00000000
                                      0x010f67c3
                                      0x010f67af
                                      0x010b4c73
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c1578e36bde2ba75fee4e01d06eeae43ac976697b3c7609fc27b80adfe6ffbdb
                                      • Instruction ID: a8a4d31e0b7e28019524f5b959952f1dd1537dcd4e9a6e227f9ae08a4adc7898
                                      • Opcode Fuzzy Hash: c1578e36bde2ba75fee4e01d06eeae43ac976697b3c7609fc27b80adfe6ffbdb
                                      • Instruction Fuzzy Hash: A2418235A0022D9BDB61DF68C981BEE77F4FF45B00F0100A9E989EB242D7759E84CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B4D3B Relevance: .1, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E010B4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x117d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E010CFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1177bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E010CB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = E010A4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0108CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E010CB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E010CF380(_t67 + 0xc, 0x1065138, 0x10) == 0) {
								 *0x11760d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E010B4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E010B4E70(0x11786b0, 0x10b5690, 0, 0) != 0) {
					_t46 = E0108CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                      0x010b4d3b
                                      0x010b4d4d
                                      0x010b4d53
                                      0x010b4d58
                                      0x010b4d65
                                      0x010b4d6c
                                      0x010b4d71
                                      0x010b4d77
                                      0x010b4d7f
                                      0x010b4d8c
                                      0x010b4d8e
                                      0x010b4dad
                                      0x010b4db0
                                      0x010b4db7
                                      0x010b4db8
                                      0x010b4db9
                                      0x010b4dba
                                      0x010b4dbb
                                      0x010b4dc1
                                      0x010b4dc8
                                      0x010b4dcc
                                      0x010b4dd5
                                      0x010b4dde
                                      0x010b4ddf
                                      0x010b4de0
                                      0x010b4de1
                                      0x010b4de6
                                      0x010b4de7
                                      0x010b4de9
                                      0x010b4df3
                                      0x00000000
                                      0x00000000
                                      0x010f6c7c
                                      0x010f6c8a
                                      0x010f6c8a
                                      0x010f6c9d
                                      0x010f6ca7
                                      0x010f6cac
                                      0x010f6cb2
                                      0x010f6cb9
                                      0x00000000
                                      0x010f6cbf
                                      0x010f6cbf
                                      0x00000000
                                      0x010f6cbf
                                      0x010f6cb9
                                      0x010b4dfb
                                      0x010f6ccf
                                      0x010f6cd3
                                      0x010b4e32
                                      0x010b4e39
                                      0x010f6ce0
                                      0x010f6cf2
                                      0x010f6cf2
                                      0x010f6ce0
                                      0x010b4e3f
                                      0x010b4e41
                                      0x010b4e51
                                      0x010b4e51
                                      0x010b4e03
                                      0x010b4e03
                                      0x010b4e09
                                      0x010b4e0f
                                      0x010b4e57
                                      0x00000000
                                      0x00000000
                                      0x010b4e1b
                                      0x010b4e30
                                      0x010b4e5b
                                      0x010b4e5b
                                      0x00000000
                                      0x010b4e30
                                      0x010b4e11
                                      0x010b4e11
                                      0x010b4e16
                                      0x00000000
                                      0x010b4e16
                                      0x010b4e01
                                      0x00000000
                                      0x010b4e01
                                      0x010b4da5
                                      0x010f6c6b
                                      0x00000000
                                      0x010b4dab
                                      0x010b4dab
                                      0x00000000
                                      0x010b4dab

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7d78198b69a4227715b236adddede374cf270375f1ac48ffcbfb7b0cb7f7b05a
                                      • Instruction ID: 20de675bf1b3a49411dac25e22b84683595949c03ab3bcf53d575c546e859a8c
                                      • Opcode Fuzzy Hash: 7d78198b69a4227715b236adddede374cf270375f1ac48ffcbfb7b0cb7f7b05a
                                      • Instruction Fuzzy Hash: BB41B271A443189FEB22DF18CC81FEAB7A9EB14710F0040A9E9D6DB282D771DE44CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AF86D Relevance: .1, Instructions: 124COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E010AF86D(void* __ebx, signed int __ecx, unsigned int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				unsigned int* _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x115feb8);
				E010DD08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E011588F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E010B3E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E010DD0D1(_t31);
						}
						E010A2280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E010AF9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E01089100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x11786c0;
						if(_t70 != 0x11786c0) {
							__eflags = _t70 - 0x11786b8;
							if(_t70 != 0x11786b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E010B5AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E010895F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x1178754; // 0x0
						__eflags = _t46;
						if(_t46 != 0) {
							E010B5AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E010B5AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E010C5C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x1178750; // 0x0
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E0108B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					L010AFAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E010AF9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}















                                      0x010af86d
                                      0x010af86d
                                      0x010af86d
                                      0x010af86f
                                      0x010af874
                                      0x010af879
                                      0x010af87b
                                      0x010af87e
                                      0x010af880
                                      0x010af883
                                      0x010af888
                                      0x010f47c9
                                      0x010f47ce
                                      0x00000000
                                      0x010af8b1
                                      0x010af8b4
                                      0x010af8f1
                                      0x010af8f1
                                      0x010af900
                                      0x010af902
                                      0x010af905
                                      0x010af907
                                      0x010af9a9
                                      0x010af9a9
                                      0x010af8e9
                                      0x010af8ee
                                      0x010af8ee
                                      0x010af90e
                                      0x010af913
                                      0x010af91c
                                      0x010af91e
                                      0x010af9e4
                                      0x010af98b
                                      0x010af98b
                                      0x010af992
                                      0x010af997
                                      0x010af99a
                                      0x010af99c
                                      0x010af9e9
                                      0x010af9ea
                                      0x010af9ea
                                      0x010af99e
                                      0x010af9a0
                                      0x010af9a7
                                      0x010af9a7
                                      0x00000000
                                      0x010af9a0
                                      0x010af924
                                      0x010af92a
                                      0x010af9b0
                                      0x010af9b6
                                      0x010af982
                                      0x010af985
                                      0x010af987
                                      0x010af987
                                      0x010af987
                                      0x00000000
                                      0x010af987
                                      0x010af9be
                                      0x010af9c6
                                      0x010af9cb
                                      0x010af9cb
                                      0x010af9cd
                                      0x010af9cf
                                      0x010af9d2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010af9d4
                                      0x010af930
                                      0x010af935
                                      0x010af937
                                      0x010f47a3
                                      0x010af93d
                                      0x010af942
                                      0x010af94a
                                      0x010af94c
                                      0x010af94e
                                      0x010af94e
                                      0x010af954
                                      0x010af95e
                                      0x010af961
                                      0x010af966
                                      0x010af968
                                      0x010af96a
                                      0x010af96a
                                      0x010af970
                                      0x010af970
                                      0x010af975
                                      0x010af97a
                                      0x010af97c
                                      0x010f47b1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010af97c
                                      0x010af8b6
                                      0x010af8bb
                                      0x010af8c0
                                      0x010af8c8
                                      0x010af8ca
                                      0x010af8cf
                                      0x010af8d1
                                      0x010af8d1
                                      0x010af8d5
                                      0x010af8dc
                                      0x010af8e5
                                      0x00000000
                                      0x010af8e7
                                      0x010af8e7
                                      0x00000000
                                      0x010af8e7
                                      0x010af8e5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbef750d0b30fe6235bb704194141126112f9194b18c9d756abf8bc1938c21a8
                                      • Instruction ID: 4166d75c626e963598788ddd54d5ef5722ac15097abd85b850e47d5fdb5dc9e2
                                      • Opcode Fuzzy Hash: fbef750d0b30fe6235bb704194141126112f9194b18c9d756abf8bc1938c21a8
                                      • Instruction Fuzzy Hash: 95419F71A00307AFEB62AFECC880BEEB6F5BF58714F640059E9C1E7251D77598408BA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01081AA0 Relevance: .1, Instructions: 123COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                                      • Instruction ID: 613923c3177844405c244df7892bdbf8c695f36a66f2cd861ac58e65ffd1ca07
                                      • Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                                      • Instruction Fuzzy Hash: 51414C71A04605EFDB24DF99C980AAEBBF9FF08710B2045ADE5D6D7690E330EA45CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108649B Relevance: .1, Instructions: 123COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 89%
                                      			E0108649B(signed int __ecx, signed int __edx) {
				signed int _v8;
				char _v40;
				void* _v80;
				short _v82;
				char _v84;
				short _v88;
				char _v92;
				void* _v96;
				void* _v98;
				void* _v100;
				void* _v104;
				void* _v106;
				void* _v108;
				void* _v112;
				void* _v120;
				void* _v122;
				void* _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t37;
				short _t41;
				void* _t43;
				short _t45;
				void* _t65;
				short* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				signed int _t77;
				signed int _t79;

				_t69 = __edx;
				_t79 = (_t77 & 0xfffffff8) - 0x5c;
				_v8 =  *0x117d360 ^ _t79;
				_t71 = __edx;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				if(__edx == 0) {
					_t37 = 0xc000000d;
					L7:
					_pop(_t72);
					_pop(_t74);
					_pop(_t65);
					return E010CB640(_t37, _t65, _v8 ^ _t79, _t69, _t72, _t74);
				}
				_t75 = __ecx & 0x0000ffff;
				 *((short*)(__edx)) = 0;
				_v80 =  &_v40;
				_t41 = 0x1e;
				_v82 = _t41;
				_t43 = E01094720(__edx, __ecx & 0x0000ffff,  &_v84, 2, 0);
				if(_t43 < 0) {
					if(_t43 == 0xc0000023) {
						_v80 = 0;
						_v82 = 0;
						_t43 = E01094720(__edx, _t75,  &_v84, 2, 1);
					}
					if(_t43 >= 0) {
						goto L2;
					} else {
						_t76 = 0xc000000d;
						L4:
						if(_v88 != _t79 + 0x24) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v88);
						}
						if(_v80 !=  &_v40) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v80);
						}
						_t37 = _t76;
						goto L7;
					}
				}
				L2:
				_v88 = _t79 + 0x28;
				_t45 = 0x1e;
				 *((short*)(_t79 + 0x16)) = _t45;
				_t76 = E01092EB0(_t69, _v80,  &_v92, 6, 0);
				if(_t76 < 0) {
					if(_t76 == 0xc0000023) {
						_v88 = 0;
						 *((short*)(_t79 + 0x16)) = 0;
						_t76 = E01092EB0(_t69, _v80,  &_v92, 6, 1);
					}
					if(_t76 < 0) {
						goto L4;
					} else {
						goto L3;
					}
				}
				L3:
				if(0 != _v92) {
					_t76 = E01094570(_t69, _v88, _t79 + 0x24, 3);
					if(_t76 >= 0) {
						 *_t71 =  *((intOrPtr*)(_t79 + 0x20));
					}
				}
				goto L4;
			}


































                                      0x0108649b
                                      0x010864a3
                                      0x010864ad
                                      0x010864b6
                                      0x010864b8
                                      0x010864bc
                                      0x010864c0
                                      0x010864c4
                                      0x010864ca
                                      0x010e1905
                                      0x01086550
                                      0x01086554
                                      0x01086555
                                      0x01086556
                                      0x01086561
                                      0x01086561
                                      0x010864d2
                                      0x010864d5
                                      0x010864de
                                      0x010864e2
                                      0x010864e4
                                      0x010864f1
                                      0x010864f8
                                      0x010e1914
                                      0x010e1918
                                      0x010e191e
                                      0x010e192b
                                      0x010e192b
                                      0x010e1932
                                      0x00000000
                                      0x010e1938
                                      0x010e1938
                                      0x01086532
                                      0x0108653a
                                      0x010e1984
                                      0x010e1984
                                      0x01086548
                                      0x010e199c
                                      0x010e199c
                                      0x0108654e
                                      0x00000000
                                      0x0108654e
                                      0x010e1932
                                      0x010864fe
                                      0x01086504
                                      0x01086508
                                      0x0108650a
                                      0x0108651f
                                      0x01086523
                                      0x010e1948
                                      0x010e194c
                                      0x010e1952
                                      0x010e1967
                                      0x010e1967
                                      0x010e196b
                                      0x00000000
                                      0x010e1971
                                      0x00000000
                                      0x010e1971
                                      0x010e196b
                                      0x01086529
                                      0x01086530
                                      0x01086572
                                      0x01086576
                                      0x0108657d
                                      0x0108657d
                                      0x01086576
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b59a7b9b3115ffc153a19a980834795ee038841ec0d25ec5da4a29027993664c
                                      • Instruction ID: 6d8ea5f09e3fea58af05a3deff0a810fca50d0926a50fd545001b5e3e6db98fa
                                      • Opcode Fuzzy Hash: b59a7b9b3115ffc153a19a980834795ee038841ec0d25ec5da4a29027993664c
                                      • Instruction Fuzzy Hash: 544188725083069ED312DF69D940AAFB6E9BF88A54F01092AB9D0D7250E731DE058BA3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114AA16 Relevance: .1, Instructions: 120COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0114AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0114ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0114AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0114AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0112CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L010A77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E010A7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0114131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0112CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                      0x0114aa1f
                                      0x0114aa21
                                      0x0114aa23
                                      0x0114aa2b
                                      0x0114aa30
                                      0x0114aa36
                                      0x0114aa39
                                      0x0114aa42
                                      0x0114aa75
                                      0x0114aa7a
                                      0x0114aa7c
                                      0x0114aa7c
                                      0x0114aa88
                                      0x0114aa8a
                                      0x0114aa8f
                                      0x0114ab02
                                      0x0114ab04
                                      0x0114aa99
                                      0x0114aaa8
                                      0x0114aaaf
                                      0x0114aab3
                                      0x0114aacc
                                      0x0114aad1
                                      0x0114aad6
                                      0x0114aae0
                                      0x0114aaf3
                                      0x0114aaf9
                                      0x0114aafe
                                      0x0114aafe
                                      0x0114aaf3
                                      0x0114aad6
                                      0x0114aab3
                                      0x0114ab07
                                      0x0114ab0a
                                      0x0114ab11
                                      0x0114ab23
                                      0x0114ab13
                                      0x0114ab1c
                                      0x0114ab1c
                                      0x0114ab2b
                                      0x0114ab44
                                      0x0114ab44
                                      0x0114ab51
                                      0x0114ab51
                                      0x0114aa44
                                      0x0114aa47
                                      0x0114aa4c
                                      0x00000000
                                      0x00000000
                                      0x0114aa5a
                                      0x0114aa64
                                      0x0114aa72
                                      0x00000000
                                      0x0114aa66
                                      0x0114aa66
                                      0x0114aa68
                                      0x0114aa6a
                                      0x00000000
                                      0x0114aa6a

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                      • Instruction ID: 6bd40f262fd42db8767e4218e0a6ed3b5e14d3e05a48952288dd96f42ec7c6a8
                                      • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                      • Instruction Fuzzy Hash: 96312672F801056BEB1D8B69D844BBFFBBAEF84A10F168469ED02A7241DB70CD00C650
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01098A0A Relevance: .1, Instructions: 120COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E01098A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x117d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E010CB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0109E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1061180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E010B1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E010C3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01098999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                      0x01098a0a
                                      0x01098a1c
                                      0x01098a23
                                      0x01098a2e
                                      0x01098a30
                                      0x01098a36
                                      0x01098a3c
                                      0x01098a3e
                                      0x01098a4a
                                      0x01098a52
                                      0x01098a9c
                                      0x01098aae
                                      0x01098a58
                                      0x01098a5e
                                      0x01098a6a
                                      0x01098a6f
                                      0x01098a75
                                      0x01098a7d
                                      0x01098a85
                                      0x01098a86
                                      0x01098a89
                                      0x01098a93
                                      0x01098a99
                                      0x01098a9b
                                      0x00000000
                                      0x01098aaf
                                      0x01098abe
                                      0x01098ac3
                                      0x01098acb
                                      0x01098ad7
                                      0x01098ae0
                                      0x01098af1
                                      0x00000000
                                      0x01098af1
                                      0x01098acd
                                      0x01098ad5
                                      0x01098afb
                                      0x01098afd
                                      0x01098aff
                                      0x01098b07
                                      0x01098b22
                                      0x01098b24
                                      0x01098b2a
                                      0x01098b2e
                                      0x01098b3f
                                      0x01098b78
                                      0x01098b41
                                      0x01098b52
                                      0x01098b54
                                      0x01098b5c
                                      0x01098b74
                                      0x01098b74
                                      0x01098b5c
                                      0x01098b3f
                                      0x01098b5e
                                      0x01098b61
                                      0x01098b64
                                      0x01098b64
                                      0x01098b6c
                                      0x01098b6c
                                      0x01098b11
                                      0x010e9cd5
                                      0x010e9cd5
                                      0x01098b17
                                      0x01098b1a
                                      0x01098b1a
                                      0x00000000
                                      0x01098ad5
                                      0x01098a89

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 21504f7d68ec2c096cbd8a803bad5b9b2abafc3f4f0424ae2ee2303758535c10
                                      • Instruction ID: 07d0829f7613ec71a591d26e6f904be766850fc996a5dd9195f9a5cd80516a38
                                      • Opcode Fuzzy Hash: 21504f7d68ec2c096cbd8a803bad5b9b2abafc3f4f0424ae2ee2303758535c10
                                      • Instruction Fuzzy Hash: 104181B1A0022C9BDF64DF19C898AEAB7F4FB55300F1481EAD95997342E7749E80DF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114FDE2 Relevance: .1, Instructions: 116COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E0114FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0114FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01150A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E010A7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01141608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01152B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0114C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0114DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E010A7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0114A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                      0x0114fde7
                                      0x0114fde8
                                      0x0114fdec
                                      0x0114fdee
                                      0x0114fdf5
                                      0x0114fdf7
                                      0x0114fdfc
                                      0x0114fe19
                                      0x0114fe22
                                      0x0114fe26
                                      0x0114fec6
                                      0x0114fecd
                                      0x0114fed5
                                      0x0114fee7
                                      0x0114fed7
                                      0x0114fee0
                                      0x0114fee0
                                      0x0114feef
                                      0x0114ff00
                                      0x0114ff02
                                      0x0114ff07
                                      0x0114ff07
                                      0x00000000
                                      0x0114feef
                                      0x0114fe33
                                      0x0114fe55
                                      0x0114fe59
                                      0x0114fe5b
                                      0x0114fe5e
                                      0x0114fe69
                                      0x0114fe6d
                                      0x0114fe6d
                                      0x0114fe69
                                      0x0114fe35
                                      0x0114fe41
                                      0x0114fe41
                                      0x0114fe79
                                      0x0114fe8b
                                      0x0114fe7b
                                      0x0114fe84
                                      0x0114fe84
                                      0x0114fe93
                                      0x00000000
                                      0x0114fea8
                                      0x0114feba
                                      0x00000000
                                      0x0114feba
                                      0x0114fdfe
                                      0x0114fe01
                                      0x0114fe02
                                      0x0114fe08
                                      0x0114ff0c
                                      0x0114ff14
                                      0x0114ff14

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                      • Instruction ID: 294073a2c12142350776a70f4717efda6390f8055dfed622638472860a52bcf6
                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                      • Instruction Fuzzy Hash: 43312472200642AFE33A9B6CC844F6ABBE9EB85E50F094058E9469B342DB70DC42C761
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114EA55 Relevance: .1, Instructions: 111COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 70%
                                      			E0114EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E010A2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0114E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0108F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0109FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0114AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0114BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E010A7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0113FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0109FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0114A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                      0x0114ea55
                                      0x0114ea66
                                      0x0114ea68
                                      0x0114ea6c
                                      0x0114ea6f
                                      0x0114ea72
                                      0x0114ea75
                                      0x0114ea7a
                                      0x0114ea7a
                                      0x0114ea7e
                                      0x0114ea80
                                      0x0114ea85
                                      0x0114ea8b
                                      0x0114eab5
                                      0x0114eabc
                                      0x0114eabf
                                      0x0114eabf
                                      0x0114eaca
                                      0x0114eace
                                      0x0114ead0
                                      0x0114eae4
                                      0x0114eaeb
                                      0x0114eaf0
                                      0x0114eaf5
                                      0x0114eb09
                                      0x0114eb0d
                                      0x0114eb1d
                                      0x0114eb2d
                                      0x0114eb38
                                      0x0114eb3d
                                      0x0114eb41
                                      0x0114eb4a
                                      0x0114eb60
                                      0x0114eb4c
                                      0x0114eb52
                                      0x0114eb59
                                      0x0114eb59
                                      0x0114eb68
                                      0x0114eb71
                                      0x0114eb71
                                      0x0114ea8d
                                      0x0114ea8f
                                      0x0114ea92
                                      0x0114ea97
                                      0x0114ea97
                                      0x0114ea9b
                                      0x0114ea9c
                                      0x0114ea9e
                                      0x0114eaa6
                                      0x0114eaa6
                                      0x0114eb7e

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                      • Instruction ID: 48a5786297046753737a938d93e1f193048a921a1690c59c4f3cc7bdfd086bce
                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                      • Instruction Fuzzy Hash: 6031D272604706ABD719DF28C880A6BB7A9FFC0610F05892DF59787641DF34E805CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109B433 Relevance: .1, Instructions: 109COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E0109B433(intOrPtr __ecx, signed int __edx, intOrPtr _a4, char _a8) {
				char _v5;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				short _t48;
				intOrPtr* _t51;
				char* _t52;
				signed int _t61;
				void* _t63;
				signed int _t71;
				intOrPtr _t73;
				void* _t74;

				_t73 = __ecx;
				_v5 = __edx;
				_v12 = __ecx;
				_t65 = __edx;
				_t71 = 1 << __edx;
				if(1 > 0x78000) {
					_t71 = 0x78000;
				}
				_t58 = _t71;
				if(_a8 != 0) {
					_t13 = _t71 + 0x2000; // 0x2001
					_t58 = _t13;
				}
				E0109EEF0( *((intOrPtr*)(_t73 + 0xc8)));
				_t74 = E010A4620(_t65, _t73, 0x800001, _t58);
				if(_t74 == 0) {
					E0109EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					L8:
					return _t74;
				}
				if(_a8 != 0) {
					_t15 = _t74 + 0xfff; // 0xfff
					_t61 = _t15 + _t71 & 0xfffff000;
					_v20 = _t61;
					_t63 = _t61 - _t74 + 0x1000;
					_t74 = L010A8E10(_v12, 0x800001, _t74, _t63);
					E0109EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_v16 = 0x1000;
					_push( &_v24);
					_push(1);
					_push( &_v16);
					_push( &_v20);
					_push(0xffffffff);
					E010C9A00();
					_t58 = _t63 - 0x1000;
					 *((char*)(_t74 + 9)) = 1;
					_t48 = _t63 - 0x1000 - _t71;
					_t72 = _v12;
				} else {
					_t72 = _v12;
					E0109EB70(_t65,  *((intOrPtr*)(_v12 + 0xc8)));
					_t48 = 0;
					 *((char*)(_t74 + 9)) = 0;
				}
				 *((short*)(_t74 + 0xa)) = _t48;
				 *((char*)(_t74 + 8)) = _v5;
				_t51 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t51 != 0) {
					if( *_t51 == 0) {
						goto L6;
					}
					_t52 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					goto L7;
				} else {
					L6:
					_t52 = 0x7ffe0380;
					L7:
					if( *_t52 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							E01141843(_t58, _t72, _t74, _t58, _a4);
						}
					}
					goto L8;
				}
			}

















                                      0x0109b442
                                      0x0109b444
                                      0x0109b448
                                      0x0109b44b
                                      0x0109b452
                                      0x0109b456
                                      0x010ea7da
                                      0x010ea7da
                                      0x0109b460
                                      0x0109b462
                                      0x0109b4d2
                                      0x0109b4d2
                                      0x0109b4d2
                                      0x0109b46a
                                      0x0109b47b
                                      0x0109b47f
                                      0x010ea7ea
                                      0x0109b4c8
                                      0x0109b4cf
                                      0x0109b4cf
                                      0x0109b489
                                      0x0109b4dd
                                      0x0109b4e5
                                      0x0109b4eb
                                      0x0109b4f0
                                      0x0109b503
                                      0x0109b50e
                                      0x0109b516
                                      0x0109b51d
                                      0x0109b51e
                                      0x0109b523
                                      0x0109b527
                                      0x0109b528
                                      0x0109b52a
                                      0x0109b52f
                                      0x0109b535
                                      0x0109b53b
                                      0x0109b53d
                                      0x0109b48b
                                      0x0109b48b
                                      0x0109b494
                                      0x0109b499
                                      0x0109b49b
                                      0x0109b49b
                                      0x0109b49e
                                      0x0109b4a5
                                      0x0109b4ae
                                      0x0109b4b3
                                      0x010ea7f7
                                      0x00000000
                                      0x00000000
                                      0x010ea806
                                      0x00000000
                                      0x0109b4b9
                                      0x0109b4b9
                                      0x0109b4b9
                                      0x0109b4be
                                      0x0109b4c1
                                      0x010ea81d
                                      0x010ea82b
                                      0x010ea82b
                                      0x010ea81d
                                      0x00000000
                                      0x0109b4c1

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
                                      • Instruction ID: 256bffefca721a6594cc64aa34fd541d73db04d67f15356727faaa5a00eefe41
                                      • Opcode Fuzzy Hash: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
                                      • Instruction Fuzzy Hash: 6B412532A00245EFDF21CBACCC54FDEBBE8AF14750F0481A6E4D597352CA74A984DBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011069A6 Relevance: .1, Instructions: 108COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E011069A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x117d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01096C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01106BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E010C9980() >= 0) {
							E010A2280(_t56, 0x1178778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1178774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1178774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0108B6F0(0x106c338, 0x106c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E010C9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E010C95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0109FFB0(_t68, _t77, 0x1178778);
				}
				_pop(_t78);
				return E010CB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                      0x011069b5
                                      0x011069be
                                      0x011069c3
                                      0x011069c9
                                      0x011069cc
                                      0x011069d1
                                      0x011069d3
                                      0x011069de
                                      0x011069e1
                                      0x011069ea
                                      0x011069f6
                                      0x011069fe
                                      0x01106a13
                                      0x01106a14
                                      0x01106a15
                                      0x01106a16
                                      0x01106a1e
                                      0x01106a26
                                      0x01106a31
                                      0x01106a36
                                      0x01106a37
                                      0x01106a40
                                      0x01106a49
                                      0x01106a4a
                                      0x01106a53
                                      0x01106a59
                                      0x01106a5d
                                      0x01106a5e
                                      0x01106a64
                                      0x01106a67
                                      0x01106a6a
                                      0x01106a6d
                                      0x01106a70
                                      0x01106a77
                                      0x01106a7d
                                      0x01106a86
                                      0x01106a89
                                      0x01106a9c
                                      0x01106a9f
                                      0x01106aa2
                                      0x01106aa5
                                      0x01106aaf
                                      0x01106ab1
                                      0x01106ab8
                                      0x01106ab9
                                      0x01106abb
                                      0x01106abe
                                      0x01106ac5
                                      0x01106ac5
                                      0x01106aaf
                                      0x01106a40
                                      0x01106a26
                                      0x011069fe
                                      0x01106ace
                                      0x01106ad0
                                      0x01106ad3
                                      0x01106ad8
                                      0x01106adf
                                      0x01106adf
                                      0x01106ae8
                                      0x01106aef
                                      0x01106aef
                                      0x01106af9
                                      0x01106b06

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 944c55f9d8a5782a6341f2397e7aaa62f9125931493a991135dc1e6d5294035c
                                      • Instruction ID: 6e0719ce87198858420b76ba03cda2a7333e77b524dc313dd92ddd3ecafd5bcb
                                      • Opcode Fuzzy Hash: 944c55f9d8a5782a6341f2397e7aaa62f9125931493a991135dc1e6d5294035c
                                      • Instruction Fuzzy Hash: C4417BB1D0060DAFDB29DFA9D940BFEBBF8EF48714F04812AE955A7280DB709945CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01085210 Relevance: .1, Instructions: 107COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E01085210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E010852A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010C95D0();
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0109EB70(_t54, 0x11779a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E010C95D0();
								L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0109EB70(_t54, 0x11779a0);
						}
						return _t52;
					}
					L5:
					_t33 = E010CF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0109EB70(_t54, 0x11779a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010C95D0();
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                      0x01085220
                                      0x01085224
                                      0x010e0d13
                                      0x010e0d16
                                      0x010e0d19
                                      0x0108522a
                                      0x0108522a
                                      0x0108522d
                                      0x0108522d
                                      0x01085231
                                      0x01085235
                                      0x01085239
                                      0x010e0d5c
                                      0x010e0d62
                                      0x00000000
                                      0x00000000
                                      0x010e0d6a
                                      0x010e0d7b
                                      0x010e0d7f
                                      0x010e0d81
                                      0x010e0d84
                                      0x010e0d95
                                      0x010e0d95
                                      0x010e0d6c
                                      0x010e0d71
                                      0x010e0d71
                                      0x010e0d9a
                                      0x00000000
                                      0x0108524a
                                      0x0108524a
                                      0x01085250
                                      0x010e0d24
                                      0x010e0d35
                                      0x010e0d39
                                      0x010e0d3b
                                      0x010e0d3e
                                      0x010e0d50
                                      0x010e0d50
                                      0x010e0d26
                                      0x010e0d2b
                                      0x010e0d2b
                                      0x00000000
                                      0x010e0d55
                                      0x01085256
                                      0x0108525b
                                      0x01085265
                                      0x010e0da7
                                      0x0108526b
                                      0x0108526e
                                      0x01085272
                                      0x010e0db1
                                      0x010e0db4
                                      0x010e0dc5
                                      0x010e0dc5
                                      0x01085272
                                      0x01085278
                                      0x0108527e
                                      0x0108528a
                                      0x0108528c
                                      0x0108528d
                                      0x00000000
                                      0x01085280
                                      0x01085282
                                      0x01085288
                                      0x0108529f
                                      0x01085292
                                      0x00000000
                                      0x01085292
                                      0x00000000
                                      0x01085288
                                      0x0108527e

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: afa59c7a51ed05ca5537cea01797f03b5dd17a08fe787acc3a9d05ce93a7db68
                                      • Instruction ID: b191c61b3c4f7c6496a2234c40a72c7ae07c475bf2d45320cf0bfbb092f3ac4c
                                      • Opcode Fuzzy Hash: afa59c7a51ed05ca5537cea01797f03b5dd17a08fe787acc3a9d05ce93a7db68
                                      • Instruction Fuzzy Hash: 0B31F531249601DFCB66BB29CC44FAE7BE5BF60760F114619F4D50B5A4EBA1A900C790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C3D43 Relevance: .1, Instructions: 106COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010C3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01097B60(0, _t61, 0x10611c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01097B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = E010A4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                      0x010c3d4c
                                      0x010c3d50
                                      0x010c3d55
                                      0x010c3d5e
                                      0x010fe79a
                                      0x00000000
                                      0x010fe79a
                                      0x010c3d68
                                      0x010fe789
                                      0x010c3d9d
                                      0x010c3da3
                                      0x010c3daf
                                      0x010c3db5
                                      0x010c3dbc
                                      0x010c3dc4
                                      0x010c3dc9
                                      0x010c3dce
                                      0x010fe7ae
                                      0x010fe7ae
                                      0x010c3dde
                                      0x010c3de2
                                      0x010c3de7
                                      0x010c3e0d
                                      0x010c3e13
                                      0x010c3e16
                                      0x010c3e1e
                                      0x010c3e25
                                      0x010c3e28
                                      0x00000000
                                      0x00000000
                                      0x010c3e2a
                                      0x010c3e2f
                                      0x010c3e37
                                      0x010c3e37
                                      0x00000000
                                      0x010c3e37
                                      0x010c3e31
                                      0x00000000
                                      0x010c3e31
                                      0x010c3e20
                                      0x010c3e20
                                      0x010c3e35
                                      0x00000000
                                      0x010c3de9
                                      0x010c3de9
                                      0x010c3de9
                                      0x010c3dee
                                      0x010c3dfd
                                      0x010c3dff
                                      0x010c3e02
                                      0x010c3e05
                                      0x010c3e05
                                      0x00000000
                                      0x010c3df0
                                      0x010c3de7
                                      0x010fe78f
                                      0x010fe794
                                      0x010c3d79
                                      0x010c3d84
                                      0x010c3d89
                                      0x010c3d8e
                                      0x00000000
                                      0x010fe7a4
                                      0x010c3d96
                                      0x010c3d9a
                                      0x00000000
                                      0x010c3d9a
                                      0x00000000
                                      0x010fe794
                                      0x010c3d6e
                                      0x010c3d73
                                      0x00000000
                                      0x010fe7b5
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aebfb65e7bfbc86601d09628c2b2ea345dec0d5b1a76d811da5517d30f7d5bc0
                                      • Instruction ID: 991a450835771ee3cabb87071a9a9b229111d512a9e834c1e3dd7f04e87131b6
                                      • Opcode Fuzzy Hash: aebfb65e7bfbc86601d09628c2b2ea345dec0d5b1a76d811da5517d30f7d5bc0
                                      • Instruction Fuzzy Hash: EE319E31610615DBD7659F2DD842A6EBBE5FF49B10705C0AEE986CF3A0E630D840CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AC182 Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 68%
                                      			E010AC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E010A7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01158D34(_v8, _t80);
					}
					E010A2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0109FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01158833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0109FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E010CB180();
						if(_a4 != 0) {
							E010A2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E010ABB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E010ABB2D(_t16, _t15);
						E010AB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0109FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0109FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0109FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                      0x010ac18d
                                      0x010ac18f
                                      0x010ac191
                                      0x010ac19b
                                      0x010ac1a0
                                      0x010ac1d4
                                      0x010ac1de
                                      0x010f2d6e
                                      0x010ac1e4
                                      0x010ac1e4
                                      0x010ac1e4
                                      0x010ac1ec
                                      0x010f2d7d
                                      0x010f2d7d
                                      0x010ac1f3
                                      0x010ac1ff
                                      0x010f2d88
                                      0x010f2d8d
                                      0x010f2d94
                                      0x010f2d94
                                      0x010f2d9f
                                      0x010f2da4
                                      0x010f2dab
                                      0x010f2db0
                                      0x010f2db2
                                      0x010f2db3
                                      0x010f2db4
                                      0x010f2dbc
                                      0x010f2dc3
                                      0x010f2dc3
                                      0x010ac205
                                      0x010ac205
                                      0x010ac208
                                      0x010ac20e
                                      0x010ac211
                                      0x010ac216
                                      0x010ac219
                                      0x010ac21f
                                      0x010ac222
                                      0x010ac22c
                                      0x010ac234
                                      0x010ac23a
                                      0x010ac23f
                                      0x010ac245
                                      0x010ac24b
                                      0x010ac251
                                      0x010ac25a
                                      0x010ac276
                                      0x010ac27d
                                      0x010ac27d
                                      0x010ac25c
                                      0x010ac25c
                                      0x00000000
                                      0x010ac25e
                                      0x010ac1a4
                                      0x010ac1aa
                                      0x010ac1b3
                                      0x010ac265
                                      0x010ac26c
                                      0x010ac26c
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction ID: 037abbe4741341eed9e09727f08a6460182a153a9542b569c67505ed56f39482
                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction Fuzzy Hash: 5B317A72B0154BBEEB44EBF4C590BEDFB94BF52204F44415AC49C87201DB386A05DBE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01107016 Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E01107016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x117d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01106B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01106B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E010A7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E010C9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E010CB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = E010A4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                      0x01107016
                                      0x0110701e
                                      0x0110702b
                                      0x01107033
                                      0x01107037
                                      0x0110703c
                                      0x0110703e
                                      0x01107041
                                      0x01107045
                                      0x0110704a
                                      0x01107050
                                      0x01107055
                                      0x0110705a
                                      0x01107062
                                      0x01107062
                                      0x0110705a
                                      0x01107064
                                      0x01107064
                                      0x01107067
                                      0x01107071
                                      0x01107096
                                      0x0110709b
                                      0x011070a2
                                      0x011070a6
                                      0x011070a7
                                      0x011070ad
                                      0x011070b3
                                      0x011070b6
                                      0x011070bb
                                      0x011070c3
                                      0x011070c3
                                      0x011070c6
                                      0x011070cd
                                      0x011070dd
                                      0x011070e0
                                      0x011070e2
                                      0x011070e2
                                      0x011070ee
                                      0x01107101
                                      0x011070f0
                                      0x011070f9
                                      0x011070f9
                                      0x0110710a
                                      0x0110710e
                                      0x01107112
                                      0x01107117
                                      0x01107118
                                      0x01107118
                                      0x011070bb
                                      0x0110711d
                                      0x01107123
                                      0x01107131
                                      0x01107131
                                      0x01107136
                                      0x0110713d
                                      0x0110713e
                                      0x0110713f
                                      0x0110714a
                                      0x0110714a
                                      0x01107084
                                      0x01107088
                                      0x00000000
                                      0x0110708e
                                      0x0110708e
                                      0x01107092
                                      0x00000000
                                      0x01107092

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 85adf1b720326ffe7e9dde70867c50437e075970ec9d463fa9fc552bb888e7cb
                                      • Instruction ID: 795d21bed344516da572fa859ad30da94c4dc8d628e71e2752b19440b904942b
                                      • Opcode Fuzzy Hash: 85adf1b720326ffe7e9dde70867c50437e075970ec9d463fa9fc552bb888e7cb
                                      • Instruction Fuzzy Hash: 3031C672A047519BC325DF68C840AAAB7E5BF88700F044A2DF9D5877D0E770E914CBA6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B53C5 Relevance: .1, Instructions: 98COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E010B53C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				unsigned int _t58;
				char _t63;
				unsigned int _t72;
				signed int _t77;
				intOrPtr _t79;
				void* _t80;

				_push(0x18);
				_push(0x115ff80);
				E010DD08C(__ebx, __edi, __esi);
				_t79 = __ecx;
				 *((intOrPtr*)(_t80 - 0x28)) = __ecx;
				 *((char*)(_t80 - 0x1a)) = 0;
				 *((char*)(_t80 - 0x19)) = 0;
				 *((intOrPtr*)(_t80 - 0x20)) = 0;
				 *((intOrPtr*)(_t80 - 4)) = 0;
				if(( *(__ecx + 0x40) & 0x75010f61) != 0 || ( *(__ecx + 0x40) & 0x00000002) == 0 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					_t47 = 0;
					_t63 = 1;
				} else {
					_t63 = 1;
					_t47 = 1;
				}
				if(_t47 == 0) {
					_t77 = 0xc000000d;
					goto L18;
				} else {
					E0109EEF0( *((intOrPtr*)(_t79 + 0xc8)));
					 *((char*)(_t80 - 0x19)) = _t63;
					if( *((char*)(_t79 + 0xda)) == 2) {
						_t47 =  *(_t79 + 0xd4);
					} else {
						_t47 = 0;
					}
					if(_t47 != 0) {
						_t77 = 0;
						goto L18;
					} else {
						if( *((intOrPtr*)(_t79 + 0xd8)) != 0) {
							_t77 = 0xc000001e;
							L18:
							 *((intOrPtr*)(_t80 - 0x20)) = _t77;
							L19:
							_t64 = 0xffff;
							L14:
							 *((intOrPtr*)(_t80 - 4)) = 0xfffffffe;
							E010B5520(_t47, _t64, _t79);
							return E010DD0D1(_t77);
						}
						 *((short*)(_t79 + 0xd8)) = _t63;
						 *((char*)(_t80 - 0x1a)) = _t63;
						_t72 =  *0x1175cb4; // 0x4000
						_t69 = _t79;
						_t77 = E010B55C8(_t79, (_t72 >> 3) + 2);
						 *((intOrPtr*)(_t80 - 0x20)) = _t77;
						if(_t77 < 0) {
							goto L19;
						}
						E010B5539(_t79,  *((intOrPtr*)(_t79 + 0xb4)), _t69);
						 *(_t79 + 0xd4) =  *(_t79 + 0xd4) & 0x00000000;
						 *((char*)(_t79 + 0xda)) = 0;
						E0109EB70(_t79,  *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = 0;
						_t71 = _t79;
						 *(_t80 - 0x24) = E010B3C3E(_t79);
						E0109EEF0( *((intOrPtr*)(_t79 + 0xc8)));
						 *((char*)(_t80 - 0x19)) = _t63;
						_t56 =  *(_t80 - 0x24);
						if(_t56 == 0) {
							_t77 = 0xc0000017;
							 *((intOrPtr*)(_t80 - 0x20)) = 0xc0000017;
						} else {
							 *(_t79 + 0xd4) = _t56;
							 *((short*)(_t79 + 0xda)) = 0x202;
							if((E010B4190() & 0x00010000) == 0) {
								_t58 =  *0x1175cb4; // 0x4000
								 *(_t79 + 0x6c) = _t58 >> 3;
							}
						}
						_t64 = 0xffff;
						 *((intOrPtr*)(_t79 + 0xd8)) =  *((intOrPtr*)(_t79 + 0xd8)) + 0xffff;
						 *((char*)(_t80 - 0x1a)) = 0;
						 *((char*)(_t80 - 0x19)) = 0;
						_t47 = E0109EB70(_t71,  *((intOrPtr*)(_t79 + 0xc8)));
						goto L14;
					}
				}
			}










                                      0x010b53c5
                                      0x010b53c7
                                      0x010b53cc
                                      0x010b53d1
                                      0x010b53d3
                                      0x010b53d8
                                      0x010b53db
                                      0x010b53de
                                      0x010b53e1
                                      0x010b53eb
                                      0x010f70b0
                                      0x010f70b4
                                      0x010b540e
                                      0x010b5410
                                      0x010b5411
                                      0x010b5411
                                      0x010b5415
                                      0x010f70ba
                                      0x00000000
                                      0x010b541b
                                      0x010b5421
                                      0x010b5426
                                      0x010b5432
                                      0x010f70d3
                                      0x010b5438
                                      0x010b5438
                                      0x010b5438
                                      0x010b543c
                                      0x010f70de
                                      0x00000000
                                      0x010b5442
                                      0x010b5449
                                      0x010f70c1
                                      0x010f70c6
                                      0x010f70c6
                                      0x010f70c9
                                      0x010f70c9
                                      0x010b550c
                                      0x010b550c
                                      0x010b5513
                                      0x010b551f
                                      0x010b551f
                                      0x010b544f
                                      0x010b5456
                                      0x010b5459
                                      0x010b5465
                                      0x010b546c
                                      0x010b546e
                                      0x010b5473
                                      0x00000000
                                      0x00000000
                                      0x010b5482
                                      0x010b5487
                                      0x010b548e
                                      0x010b549b
                                      0x010b54a0
                                      0x010b54a4
                                      0x010b54ab
                                      0x010b54b4
                                      0x010b54b9
                                      0x010b54bc
                                      0x010b54c1
                                      0x010f70e2
                                      0x010f70e7
                                      0x010b54c7
                                      0x010b54c7
                                      0x010b54cd
                                      0x010b54e0
                                      0x010b54e2
                                      0x010b54ea
                                      0x010b54ea
                                      0x010b54e0
                                      0x010b54ed
                                      0x010b54f2
                                      0x010b54f9
                                      0x010b54fd
                                      0x010b5507
                                      0x00000000
                                      0x010b5507
                                      0x010b543c

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 78d3a5d901931e23b50581e697e9615bf8bf6bbe5a0c950dbba4f19cc333f2e1
                                      • Instruction ID: 0ca198621683bb71d16b628b28373ad0e38a0ed17859cd42bcb53a302f6c3fe0
                                      • Opcode Fuzzy Hash: 78d3a5d901931e23b50581e697e9615bf8bf6bbe5a0c950dbba4f19cc333f2e1
                                      • Instruction Fuzzy Hash: 2A410330A00745CBDB62CBB8C8513EFBAE2AF51304F14056ED1C6AB741DB354905C7AA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01083880 Relevance: .1, Instructions: 97COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E01083880(signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				signed int _t28;
				signed int _t30;
				signed int* _t42;
				signed int _t45;
				signed int* _t46;
				void* _t47;

				_v20 = _v20 | 0xffffffff;
				_t28 = 0;
				_t42 = 0;
				_v24 = 0xfd050f80;
				_t46 = 0;
				_v16 = 0;
				_t45 = 0;
				_v12 = 0;
				_v8 = 0;
				_t47 =  *0x11784cc - _t28; // 0x0
				if(_t47 != 0) {
					E010AECE0(_a12, _a8, 0, 0);
					_t30 = 0;
					L2:
					while(1) {
						do {
							L2:
							while(1) {
								if(_t46 != 0) {
									L5:
									_push(0x1030);
									_push(_t46);
									_push(_t45);
									_push(_t30);
									_push( &_v16);
									_push(_t42);
									if(E010CA3A0() >= 0) {
										_t43 = _t46;
										_t45 = E0108395E(_t46, 0);
										if(_t45 == 0x103) {
											_t42 = 0;
											_t30 = 0;
											_v16 = _v16 & 0;
											_t45 = 0;
											_v12 = _v12 & 0;
											_t46 = 0;
											_v8 = 0;
											continue;
										} else {
											break;
										}
										goto L9;
									}
								} else {
									_t46 = E010A4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t46, 0x1030);
									if(_t46 == 0) {
										_t28 = 0xc0000017;
									} else {
										_t30 = _v8;
										goto L5;
									}
								}
								if(_t28 != 0x8000001a) {
									_t28 = E010AECE0(_a12, _a8,  &_v24, 0);
								}
								if(_t46 != 0) {
									return L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t46);
								}
								goto L9;
							}
							_t13 =  &(_t46[2]); // 0x8
							_t42 = _t13;
							_v16 =  *_t46;
							_v12 = _t46[1];
							_t30 = _t46[6];
							_v8 = _t30;
						} while (_t45 != 0xc000022d);
						E01112D0B(_t43);
						_t30 = _v8;
						_t46 = 0;
					}
				}
				L9:
				return _t28;
			}














                                      0x01083888
                                      0x0108388c
                                      0x0108388f
                                      0x01083891
                                      0x01083899
                                      0x0108389b
                                      0x0108389f
                                      0x010838a1
                                      0x010838a4
                                      0x010838a7
                                      0x010838ad
                                      0x010838b7
                                      0x010838bc
                                      0x00000000
                                      0x010838be
                                      0x010838be
                                      0x00000000
                                      0x010838be
                                      0x010838c0
                                      0x010838e3
                                      0x010838e3
                                      0x010838e8
                                      0x010838e9
                                      0x010838ea
                                      0x010838ee
                                      0x010838ef
                                      0x010838f7
                                      0x01083924
                                      0x0108392b
                                      0x01083933
                                      0x010dffb7
                                      0x010dffb9
                                      0x010dffbb
                                      0x010dffbe
                                      0x010dffc0
                                      0x010dffc3
                                      0x010dffc5
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083933
                                      0x010838c2
                                      0x010838d6
                                      0x010838da
                                      0x010dffdc
                                      0x010838e0
                                      0x010838e0
                                      0x00000000
                                      0x010838e0
                                      0x010838da
                                      0x010838fe
                                      0x010dfff2
                                      0x010dfff2
                                      0x01083906
                                      0x00000000
                                      0x01083914
                                      0x00000000
                                      0x01083906
                                      0x0108393b
                                      0x0108393b
                                      0x0108393e
                                      0x01083944
                                      0x01083947
                                      0x0108394a
                                      0x0108394d
                                      0x010dffcd
                                      0x010dffd2
                                      0x010dffd5
                                      0x010dffd5
                                      0x010838be
                                      0x0108391f
                                      0x0108391f

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9159071eb2e6b6a7ed94b59eed4a062d7b484973e4c240bc4fd53f456f5d57cf
                                      • Instruction ID: 7ba3590fccca9610181a893cbc03335fdd8707c232ae5470455a188b945b090a
                                      • Opcode Fuzzy Hash: 9159071eb2e6b6a7ed94b59eed4a062d7b484973e4c240bc4fd53f456f5d57cf
                                      • Instruction Fuzzy Hash: 4C319232E0421AEFDB21EFA9C840AAEBBF8BF44650F018565E9D5DB250D670DE018B90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114A189 Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E0114A189(signed int __ecx, signed char __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* __ebx;
				void* __edi;
				intOrPtr _t29;
				intOrPtr* _t30;
				intOrPtr _t40;
				void* _t44;
				signed int _t50;
				intOrPtr* _t51;
				intOrPtr _t52;

				_v20 = __edx;
				_t50 = __ecx;
				if(__edx != 0) {
					E010A2280(__edx, 0x1176220);
					_t42 = _t50;
					_t40 = E0114A166(_t50);
					if(_t40 != 0) {
						L15:
						E0109FFB0(_t40, _t50, 0x1176220);
						 *_v20 = _t40;
						return 0;
					}
					_t44 = E0114A166(_t42 ^ 0x00000100);
					if(_t44 != 0) {
						_v12 =  *((intOrPtr*)(_t44 + 4));
						_v8 =  *((intOrPtr*)(_t44 + 8));
						L7:
						_t51 = E010A4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x50);
						if(_t51 != 0) {
							_t10 = _t51 + 0xc; // 0xc
							_t40 = _t10;
							_t29 = E0113A708(_t50, _v12, _v8, _t40);
							_v16 = _t29;
							if(_t29 >= 0) {
								 *(_t51 + 8) = _t50;
								_t30 =  *0x11753d4; // 0x779953d0
								if( *_t30 != 0x11753d0) {
									0x11753d0 = 3;
									asm("int 0x29");
								}
								 *_t51 = 0x11753d0;
								 *((intOrPtr*)(_t51 + 4)) = _t30;
								 *_t30 = _t51;
								 *0x11753d4 = _t51;
								goto L15;
							}
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t51);
							_t52 = _v16;
							L11:
							E0109FFB0(_t40, _t50, 0x1176220);
							return _t52;
						}
						_t52 = 0xc0000017;
						goto L11;
					}
					_push( &_v8);
					_push( &_v12);
					_push(_t44);
					_push(_t50 & 0xfffffeff);
					_push(0xc);
					_t52 = E010CA420();
					if(_t52 >= 0) {
						goto L7;
					}
					goto L11;
				}
				return 0xc00000f0;
			}
















                                      0x0114a194
                                      0x0114a199
                                      0x0114a19d
                                      0x0114a1ae
                                      0x0114a1b3
                                      0x0114a1ba
                                      0x0114a1be
                                      0x0114a27e
                                      0x0114a283
                                      0x0114a28b
                                      0x00000000
                                      0x0114a28d
                                      0x0114a1cf
                                      0x0114a1d3
                                      0x0114a1f8
                                      0x0114a1fe
                                      0x0114a201
                                      0x0114a213
                                      0x0114a217
                                      0x0114a223
                                      0x0114a223
                                      0x0114a22c
                                      0x0114a231
                                      0x0114a236
                                      0x0114a25b
                                      0x0114a263
                                      0x0114a26a
                                      0x0114a26e
                                      0x0114a26f
                                      0x0114a26f
                                      0x0114a271
                                      0x0114a273
                                      0x0114a276
                                      0x0114a278
                                      0x00000000
                                      0x0114a278
                                      0x0114a245
                                      0x0114a24a
                                      0x0114a24d
                                      0x0114a252
                                      0x00000000
                                      0x0114a257
                                      0x0114a219
                                      0x00000000
                                      0x0114a219
                                      0x0114a1d8
                                      0x0114a1dc
                                      0x0114a1dd
                                      0x0114a1e5
                                      0x0114a1e6
                                      0x0114a1ed
                                      0x0114a1f1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0114a1f3
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 52bbde9e43ccd9e24d4d8c08f3e618357cf17057e15090fa7281b3696611f74b
                                      • Instruction ID: 0e27df3b5bce83f5495422f6565d244e95eb75780b0575879fe645879ca0ec3d
                                      • Opcode Fuzzy Hash: 52bbde9e43ccd9e24d4d8c08f3e618357cf17057e15090fa7281b3696611f74b
                                      • Instruction Fuzzy Hash: 07310871A80616EFDB1A9F99E850FAEBBB9EF54B10F120069F506EB340DB71DD009790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BA70E Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E010BA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1177b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1177b10 = 8;
					 *0x1177b14 = 0x1177b0c;
					 *0x1177b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E010BA990(0x1177b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L010BA840(__edx, __ecx, __ecx, _t52, 0x1177b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1177b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1177b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1177b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = E010A4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1177b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E010CF3E0(_t50,  *0x1177b14, _t8 >> 3);
						_t28 =  *0x1177b14; // 0x0
						__eflags = _t28 - 0x1177b0c;
						if(_t28 != 0x1177b0c) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1177b14 = _t50;
						_t48 = _v12;
						 *0x1177b10 = _t9;
						goto L6;
					}
					 *0x1177b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                      0x010ba713
                                      0x010ba714
                                      0x010ba717
                                      0x010ba71d
                                      0x010ba720
                                      0x010ba722
                                      0x010ba727
                                      0x010ba74a
                                      0x010ba754
                                      0x010ba75e
                                      0x010ba768
                                      0x010ba76a
                                      0x010ba773
                                      0x010ba78b
                                      0x010ba790
                                      0x010ba792
                                      0x010ba741
                                      0x010ba741
                                      0x010ba743
                                      0x010ba749
                                      0x010ba749
                                      0x010ba732
                                      0x010ba73a
                                      0x010ba797
                                      0x010ba79d
                                      0x010ba7a3
                                      0x010ba7a9
                                      0x010ba7b6
                                      0x010ba7bc
                                      0x010ba7ca
                                      0x010ba7e0
                                      0x010ba7e2
                                      0x010ba7e4
                                      0x010f9bf2
                                      0x00000000
                                      0x010f9bf2
                                      0x010ba7ed
                                      0x010ba7f2
                                      0x010ba800
                                      0x010ba805
                                      0x010ba80d
                                      0x010ba812
                                      0x010f9c08
                                      0x010f9c08
                                      0x010ba818
                                      0x010ba81b
                                      0x010ba821
                                      0x010ba824
                                      0x00000000
                                      0x010ba824
                                      0x010ba7ae
                                      0x00000000
                                      0x010ba7ae
                                      0x010ba73c
                                      0x010ba73e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aea2a2372227a021212451857d3a4eca29c4bd2a24b3414e3a983b33acf5e99c
                                      • Instruction ID: 8dbd89c7900bd8ae3b80411a6360ae29e2d73483af345cc993c772caedaa2fa3
                                      • Opcode Fuzzy Hash: aea2a2372227a021212451857d3a4eca29c4bd2a24b3414e3a983b33acf5e99c
                                      • Instruction Fuzzy Hash: 3B31A1B1704205EBD729CB18EC84FB97BF9FB88710F1449AAE26597384D7709981CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B61A0 Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E010B61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E010B5E50(0x10667cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01159D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0108F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                      0x010b61b3
                                      0x010b61b5
                                      0x010b61bd
                                      0x010b61c3
                                      0x010b61c7
                                      0x010b61d2
                                      0x010b61ff
                                      0x010b61ff
                                      0x010b6201
                                      0x010b6207
                                      0x010b6207
                                      0x010b61d4
                                      0x010b61d9
                                      0x00000000
                                      0x00000000
                                      0x010b61df
                                      0x010b61e2
                                      0x00000000
                                      0x00000000
                                      0x010b61e6
                                      0x010b61e8
                                      0x010b61ee
                                      0x010b61ee
                                      0x010b61f9
                                      0x010f762f
                                      0x010f7632
                                      0x010f7635
                                      0x010f7639
                                      0x010f7640
                                      0x010f766e
                                      0x010f7675
                                      0x00000000
                                      0x00000000
                                      0x010f7681
                                      0x010f7689
                                      0x010f768d
                                      0x010f7691
                                      0x010f7695
                                      0x010f7699
                                      0x010f76af
                                      0x010f76b5
                                      0x010f76b7
                                      0x010f76b7
                                      0x010f76d7
                                      0x010f76dc
                                      0x00000000
                                      0x010f76dc
                                      0x010f76a2
                                      0x010f76a9
                                      0x010f7651
                                      0x010f7653
                                      0x010f7653
                                      0x010f7656
                                      0x010f7656
                                      0x00000000
                                      0x010f7656
                                      0x010f7644
                                      0x010f7646
                                      0x010f7648
                                      0x010f7648
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02c9d7bad673002a4039756e388b1f4752334584c5071dc9f3a502434227f121
                                      • Instruction ID: 5bdf43c462fff42c877cbb57f2f46f9ab2bb28e86fee51e8ab6de79939924403
                                      • Opcode Fuzzy Hash: 02c9d7bad673002a4039756e388b1f4752334584c5071dc9f3a502434227f121
                                      • Instruction Fuzzy Hash: 853180716057018FE360CF1DC841B6ABBE5FB88B00F0949ADEAD89B751E771D804CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108AA16 Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 95%
                                      			E0108AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x117d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1177b9c; // 0x0
					_t53 = E010A4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E010CB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E010CF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01096C59(_t53, _t51, _t58) != 0) {
							_t28 = E010B5E50(0x106c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E010BB230(_v32, _v28, 0x106c2d8, 1,  &_v24);
								_t28 = E0108F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                      0x0108aa25
                                      0x0108aa29
                                      0x0108aa2d
                                      0x0108aa30
                                      0x0108aa37
                                      0x0108aa3c
                                      0x010e4458
                                      0x010e4458
                                      0x010e4472
                                      0x010e4474
                                      0x010e4476
                                      0x0108aa64
                                      0x0108aa74
                                      0x010e447c
                                      0x010e4483
                                      0x010e4492
                                      0x0108aa52
                                      0x0108aa54
                                      0x0108aa5e
                                      0x010e44a8
                                      0x010e44ad
                                      0x010e44af
                                      0x010e44b6
                                      0x010e44b6
                                      0x010e44b9
                                      0x010e44bc
                                      0x010e44cd
                                      0x010e44d3
                                      0x010e44d6
                                      0x010e44e1
                                      0x010e44e1
                                      0x010e44e6
                                      0x010e44e8
                                      0x010e44fb
                                      0x010e44fb
                                      0x010e44e8
                                      0x00000000
                                      0x0108aa5e
                                      0x010e4476
                                      0x0108aa42
                                      0x0108aa46
                                      0x0108aa48
                                      0x0108aa4c
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03f207510fed5136ad48e54080edc6057b16a933ac8b5bf138f81cb80c1716d2
                                      • Instruction ID: 4623da016c9628ff655215442daf6e24c88fbe2a766b3406fb26f47584547e5c
                                      • Opcode Fuzzy Hash: 03f207510fed5136ad48e54080edc6057b16a933ac8b5bf138f81cb80c1716d2
                                      • Instruction Fuzzy Hash: F231C471A0021AEBDB15AF65CD41ABFB7B8EF14700B05406AF981DB140E7749910CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BE730 Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E010BE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E010C9670() < 0) {
					E010DDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1177b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = E010A4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M010BE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                      0x010be730
                                      0x010be736
                                      0x010be738
                                      0x010be73d
                                      0x010be73e
                                      0x010be740
                                      0x010be749
                                      0x010be765
                                      0x010be76a
                                      0x010be76b
                                      0x010be76c
                                      0x010be76d
                                      0x010be76e
                                      0x010be76f
                                      0x010be775
                                      0x010be777
                                      0x010be77e
                                      0x010fb675
                                      0x010be784
                                      0x010be784
                                      0x010be789
                                      0x010be7a8
                                      0x010be7ac
                                      0x010be807
                                      0x010be7ae
                                      0x010be7ae
                                      0x010be7b1
                                      0x010be7b4
                                      0x010be7b9
                                      0x010be7c0
                                      0x010be7c4
                                      0x010be7ca
                                      0x010be7cc
                                      0x00000000
                                      0x010be7d3
                                      0x010be7d6
                                      0x00000000
                                      0x00000000
                                      0x010be7ff
                                      0x010be802
                                      0x00000000
                                      0x00000000
                                      0x010be7f9
                                      0x010be7fc
                                      0x00000000
                                      0x00000000
                                      0x010be7f3
                                      0x010be7f6
                                      0x00000000
                                      0x00000000
                                      0x010be7ed
                                      0x010be7f0
                                      0x00000000
                                      0x00000000
                                      0x010be7e7
                                      0x010be7ea
                                      0x00000000
                                      0x00000000
                                      0x010fb685
                                      0x010fb688
                                      0x00000000
                                      0x00000000
                                      0x010fb682
                                      0x00000000
                                      0x00000000
                                      0x010be7cc
                                      0x010be7d9
                                      0x010be7dc
                                      0x010be7de
                                      0x010be7de
                                      0x010be7ac
                                      0x010be7e4
                                      0x010be74b
                                      0x010be751
                                      0x010be759
                                      0x010be761
                                      0x010be761

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c53907e1c10846a9c75861b29480fc8ff4eedfd2a76a53f62481b7f30a09b90
                                      • Instruction ID: 1e2de0a61404149c0b97f9a68ca3d223aa135b8a61d2b1d8a0478c1d2ea98756
                                      • Opcode Fuzzy Hash: 7c53907e1c10846a9c75861b29480fc8ff4eedfd2a76a53f62481b7f30a09b90
                                      • Instruction Fuzzy Hash: A8316F75A54249EFD744CF58D881BDABBE8FB09314F1482A6F948CB341D671ED80CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BBC2C Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E010BBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1176100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E010A2280(0xd, 0x574f1a0);
				_t41 =  *0x11760f8; // 0x0
				if(_t41 != 0) {
					 *0x11760f8 =  *_t41;
					 *0x11760fc =  *0x11760fc + 0xffff;
				}
				E0109FFB0(_t41, 0x800, 0x574f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x11760f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = E010A4620(0x1176100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1176100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                      0x010bbc36
                                      0x010bbc42
                                      0x010bbc45
                                      0x010bbc4a
                                      0x010bbd35
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010bbc50
                                      0x010bbc50
                                      0x010bbc58
                                      0x010bbc5a
                                      0x010bbc60
                                      0x00000000
                                      0x00000000
                                      0x010fa4f2
                                      0x010fa4f6
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010fa4fc
                                      0x010bbc79
                                      0x010bbc7e
                                      0x010bbc86
                                      0x010bbd16
                                      0x010bbd20
                                      0x010bbd20
                                      0x010bbc8d
                                      0x010bbc94
                                      0x010bbcbd
                                      0x010bbcca
                                      0x010bbccb
                                      0x010bbccc
                                      0x010bbccd
                                      0x010bbcce
                                      0x010bbcd4
                                      0x010bbcea
                                      0x010bbcee
                                      0x010bbcf2
                                      0x010bbd00
                                      0x010bbd04
                                      0x00000000
                                      0x010bbc96
                                      0x010bbcab
                                      0x010bbcaf
                                      0x010bbd2c
                                      0x010bbd2c
                                      0x010bbd09
                                      0x00000000
                                      0x010bbd09
                                      0x010bbcb1
                                      0x010bbcb5
                                      0x010bbcbb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010bbcbb

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3f3d4085983839004825471f748426dea808cc92f6513e0faf6344dc9ce8e971
                                      • Instruction ID: 140e97155c903e508b15f5f339dbcc2f4fe455e211583e7680718de68261325a
                                      • Opcode Fuzzy Hash: 3f3d4085983839004825471f748426dea808cc92f6513e0faf6344dc9ce8e971
                                      • Instruction Fuzzy Hash: FF31F132600A069FDB62EF58D4C07EA77B4FB18310F044078D994EB305E774D945CB81
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01089100 Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E01089100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x115f6e8);
				E010DD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E011588F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E010DD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x11786c0; // 0xb207b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x11786b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E010A2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E011588F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E010CAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x117b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x11784c0;
										if(_t69 >=  *0x11784c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01159063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0108922A(_t82);
							_t53 = E010A7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01158B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x11786c0; // 0xb207b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x11786b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x11786bc;
										_t72 = 0x11786b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01089240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x11786c4;
									_t72 = 0x11786c0;
									L18:
									E010B9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                      0x01089100
                                      0x01089100
                                      0x01089100
                                      0x01089100
                                      0x01089102
                                      0x01089107
                                      0x0108910c
                                      0x01089110
                                      0x01089115
                                      0x01089136
                                      0x01089143
                                      0x010e37e4
                                      0x010e37e4
                                      0x01089149
                                      0x0108914e
                                      0x0108914e
                                      0x01089117
                                      0x0108911d
                                      0x00000000
                                      0x00000000
                                      0x0108911f
                                      0x01089125
                                      0x00000000
                                      0x01089151
                                      0x01089158
                                      0x0108915d
                                      0x01089161
                                      0x01089168
                                      0x010e3715
                                      0x00000000
                                      0x0108916e
                                      0x0108916e
                                      0x01089175
                                      0x01089177
                                      0x0108917e
                                      0x0108917f
                                      0x01089182
                                      0x01089182
                                      0x01089187
                                      0x01089187
                                      0x0108918a
                                      0x0108918d
                                      0x0108918f
                                      0x01089192
                                      0x01089195
                                      0x01089198
                                      0x01089198
                                      0x01089198
                                      0x0108919a
                                      0x00000000
                                      0x00000000
                                      0x010e371f
                                      0x010e3721
                                      0x010e3727
                                      0x010e372f
                                      0x010e3733
                                      0x010e3735
                                      0x010e3738
                                      0x010e373b
                                      0x010e373d
                                      0x010e3740
                                      0x00000000
                                      0x00000000
                                      0x010e3746
                                      0x010e3749
                                      0x00000000
                                      0x00000000
                                      0x010e374f
                                      0x010e3751
                                      0x00000000
                                      0x00000000
                                      0x010e3757
                                      0x010e3759
                                      0x010e375c
                                      0x010e375c
                                      0x010e375e
                                      0x010e375e
                                      0x010e3761
                                      0x010e3764
                                      0x00000000
                                      0x00000000
                                      0x010e3766
                                      0x010e3768
                                      0x010e37a3
                                      0x010e37a3
                                      0x010e37a5
                                      0x010e37a7
                                      0x010e37ad
                                      0x010e37b0
                                      0x010e37b2
                                      0x010e37bc
                                      0x010e37c2
                                      0x010e37c2
                                      0x010e37b2
                                      0x01089187
                                      0x01089187
                                      0x0108918a
                                      0x0108918d
                                      0x0108918f
                                      0x01089192
                                      0x01089195
                                      0x00000000
                                      0x01089195
                                      0x00000000
                                      0x01089187
                                      0x010e376a
                                      0x010e376a
                                      0x010e376c
                                      0x010e376c
                                      0x010e376f
                                      0x010e3775
                                      0x00000000
                                      0x00000000
                                      0x010e3777
                                      0x010e3779
                                      0x00000000
                                      0x00000000
                                      0x010e3782
                                      0x010e3787
                                      0x010e3789
                                      0x010e3790
                                      0x010e3790
                                      0x010e378b
                                      0x010e378b
                                      0x010e378b
                                      0x010e3792
                                      0x010e3795
                                      0x010e3795
                                      0x010e3798
                                      0x010e3798
                                      0x010e379b
                                      0x010e379b
                                      0x010891a3
                                      0x010891a9
                                      0x010891b0
                                      0x010891b4
                                      0x010891b4
                                      0x010891bb
                                      0x010891c0
                                      0x010891c5
                                      0x010891c7
                                      0x010e37da
                                      0x010891cd
                                      0x010891cd
                                      0x010891cd
                                      0x010891d2
                                      0x010891d5
                                      0x01089239
                                      0x01089239
                                      0x010891d7
                                      0x010891db
                                      0x010891e1
                                      0x010891e7
                                      0x010891fd
                                      0x01089203
                                      0x0108921e
                                      0x01089223
                                      0x00000000
                                      0x01089223
                                      0x01089205
                                      0x01089208
                                      0x0108920c
                                      0x01089214
                                      0x01089214
                                      0x010891e9
                                      0x010891e9
                                      0x010891ee
                                      0x010891f3
                                      0x010891f3
                                      0x010891f3
                                      0x010891e7
                                      0x00000000
                                      0x010891db
                                      0x01089187
                                      0x01089168

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4192f4fb779a5faacbba2cf0d85a60e0ddd804fa85f82ff8034adea9396f6bec
                                      • Instruction ID: e89faa4e7d9db993fec834a1d7c3bbdf5e0c6eab486821c9b5e21db5e351f5cb
                                      • Opcode Fuzzy Hash: 4192f4fb779a5faacbba2cf0d85a60e0ddd804fa85f82ff8034adea9396f6bec
                                      • Instruction Fuzzy Hash: E6317C75A09245EFDB66FB6DC488BACBBF1BB88318F18819DD5D467341C334A980CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BF527 Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E010BF527(void* __ecx, void* __edx, signed int* _a4) {
				char _v8;
				signed int _v12;
				void* __ebx;
				signed int _t28;
				signed int _t32;
				signed int _t34;
				signed char* _t37;
				intOrPtr _t38;
				intOrPtr* _t50;
				signed int _t53;
				void* _t69;

				_push(__ecx);
				_push(__ecx);
				_t69 = __ecx;
				_t53 =  *(__ecx + 0x10);
				_t50 = __ecx + 0x14;
				_t28 = _t53 + __edx;
				_v12 = _t28;
				if(_t28 >  *_t50) {
					_v8 = _t28 -  *_t50;
					_push(E010B0678( *((intOrPtr*)(__ecx + 0xc)), 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push(_t50);
					_push(0xffffffff);
					_t32 = E010C9660();
					__eflags = _t32;
					if(_t32 < 0) {
						 *_a4 =  *_a4 & 0x00000000;
						L2:
						return _t32;
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) =  *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)) + 0x1e8)) + _v8;
					_t34 = E010A7D50();
					_t66 = 0x7ffe0380;
					__eflags = _t34;
					if(_t34 != 0) {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					} else {
						_t37 = 0x7ffe0380;
					}
					__eflags =  *_t37;
					if( *_t37 != 0) {
						_t38 =  *[fs:0x30];
						__eflags =  *(_t38 + 0x240) & 0x00000001;
						if(( *(_t38 + 0x240) & 0x00000001) == 0) {
							goto L7;
						}
						__eflags = E010A7D50();
						if(__eflags != 0) {
							_t66 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01141582(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, __eflags, _v8,  *( *((intOrPtr*)(_t69 + 0xc)) + 0x74) << 3,  *_t66 & 0x000000ff);
						E0114138A(_t50,  *((intOrPtr*)(_t69 + 0xc)),  *_t50, _v8, 9);
						goto L7;
					} else {
						L7:
						 *_t50 =  *_t50 + _v8;
						_t53 =  *(_t69 + 0x10);
						goto L1;
					}
				}
				L1:
				 *_a4 = _t53;
				 *(_t69 + 0x10) = _v12;
				_t32 = 0;
				goto L2;
			}














                                      0x010bf52c
                                      0x010bf52d
                                      0x010bf530
                                      0x010bf533
                                      0x010bf536
                                      0x010bf539
                                      0x010bf53c
                                      0x010bf541
                                      0x010bf561
                                      0x010bf569
                                      0x010bf56a
                                      0x010bf572
                                      0x010bf573
                                      0x010bf575
                                      0x010bf576
                                      0x010bf578
                                      0x010bf57d
                                      0x010bf57f
                                      0x010bf5b7
                                      0x010bf550
                                      0x010bf556
                                      0x010bf556
                                      0x010bf587
                                      0x010bf58d
                                      0x010bf592
                                      0x010bf597
                                      0x010bf599
                                      0x010fbcc9
                                      0x010bf59f
                                      0x010bf59f
                                      0x010bf59f
                                      0x010bf5a1
                                      0x010bf5a4
                                      0x010fbcd3
                                      0x010fbcd9
                                      0x010fbce0
                                      0x00000000
                                      0x00000000
                                      0x010fbceb
                                      0x010fbced
                                      0x010fbcf8
                                      0x010fbcf8
                                      0x010fbcf8
                                      0x010fbd11
                                      0x010fbd20
                                      0x00000000
                                      0x010bf5aa
                                      0x010bf5aa
                                      0x010bf5ad
                                      0x010bf5af
                                      0x00000000
                                      0x010bf5af
                                      0x010bf5a4
                                      0x010bf543
                                      0x010bf546
                                      0x010bf54b
                                      0x010bf54e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                      • Instruction ID: 2f4fefa80d4df32c378d0669f131e1fecf2a0c6be94acfec7e15fe5fd018f1d7
                                      • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                      • Instruction Fuzzy Hash: FA317A31600649EFD721CF68C880FAAB7F9EF44354F1445A9EA958B690E770EE01CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B1DB5 Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E010B1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E010AF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = E010A4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E010AF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                      0x010b1dc2
                                      0x010b1dc5
                                      0x010b1dc7
                                      0x010b1dcc
                                      0x010b1dce
                                      0x010b1dd6
                                      0x010b1ddf
                                      0x010b1de0
                                      0x010b1de1
                                      0x010b1de5
                                      0x010b1de8
                                      0x010b1def
                                      0x010b1df0
                                      0x010b1df6
                                      0x010b1df7
                                      0x010b1dfe
                                      0x010b1e1a
                                      0x00000000
                                      0x00000000
                                      0x010b1e0b
                                      0x010b1e12
                                      0x010b1e12
                                      0x010b1e00
                                      0x010b1e00
                                      0x010b1e05
                                      0x010b1e1e
                                      0x010b1e23
                                      0x010f570f
                                      0x010f5713
                                      0x00000000
                                      0x00000000
                                      0x010f5719
                                      0x010f5719
                                      0x010b1e2c
                                      0x010b1e2d
                                      0x010b1e2e
                                      0x010b1e2f
                                      0x010b1e31
                                      0x010b1e32
                                      0x010b1e35
                                      0x010b1e3d
                                      0x010f5723
                                      0x010f573d
                                      0x010f573d
                                      0x00000000
                                      0x010f5723
                                      0x010b1e49
                                      0x010b1e4e
                                      0x010b1e4e
                                      0x010b1e09
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction ID: 2bcd2984c4050bf90a38ee06cb993a9238d2834c77e342e371027d8996f2cc5b
                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction Fuzzy Hash: 5B219F32600219FBD721CF99DC95EEEBBBDEF89740F114095EA91D7210D670AE01CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A8D76 Relevance: .1, Instructions: 82COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E010A8D76(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t24;
				intOrPtr* _t26;
				char* _t27;
				intOrPtr* _t32;
				char* _t33;
				signed char _t43;
				signed char _t44;
				signed char _t52;
				void* _t56;
				intOrPtr* _t57;

				_t56 = __edx;
				_t57 = __ecx;
				if(( *(__edx + 0x10) & 0x0000ffff) == 0) {
					L14:
					_t52 = 0;
				} else {
					_t52 = 1;
					if(( *0x11784b4 & 0x00000004) == 0) {
						_t24 =  *(__ecx + 0x5c) & 0x0000ffff;
						if(_t24 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x106ade8 + _t24 * 2) & 0x0000ffff) << 4) {
							goto L2;
						} else {
							asm("sbb bl, bl");
							_t44 = _t43 & 1;
							goto L3;
						}
						goto L10;
					} else {
						L2:
						_t44 = 0;
					}
					L3:
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
					if(_t26 != 0) {
						if( *_t26 == 0) {
							goto L4;
						} else {
							_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							goto L5;
						}
						L23:
					} else {
						L4:
						_t27 = 0x7ffe038a;
					}
					L5:
					if( *_t27 != 0) {
						L21:
						if(_t44 != 0) {
							E01141751(_t44,  *((intOrPtr*)( *((intOrPtr*)( *_t57 + 0xc)) + 0xc)),  *((intOrPtr*)(_t56 + 4)),  *(_t57 + 0x5c) & 0x0000ffff);
							_t52 = 1;
							goto L9;
						}
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
						if(_t32 != 0) {
							if( *_t32 == 0) {
								goto L7;
							} else {
								_t33 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								goto L8;
							}
							goto L23;
						} else {
							L7:
							_t33 = 0x7ffe0380;
						}
						L8:
						if( *_t33 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
								goto L9;
							} else {
								goto L21;
							}
						} else {
							L9:
							if(_t44 != 0) {
								goto L14;
							}
						}
					}
				}
				L10:
				return _t52;
				goto L23;
			}














                                      0x010a8d7b
                                      0x010a8d7d
                                      0x010a8d89
                                      0x010a8e01
                                      0x010a8e01
                                      0x010a8d8b
                                      0x010a8d8d
                                      0x010a8d95
                                      0x010a8de1
                                      0x010a8de8
                                      0x00000000
                                      0x010a8dfc
                                      0x010f0592
                                      0x010f0594
                                      0x00000000
                                      0x010f0594
                                      0x00000000
                                      0x010a8d97
                                      0x010a8d97
                                      0x010a8d97
                                      0x010a8d97
                                      0x010a8d99
                                      0x010a8d9f
                                      0x010a8da4
                                      0x010f059e
                                      0x00000000
                                      0x010f05a4
                                      0x010f05ad
                                      0x00000000
                                      0x010f05ad
                                      0x00000000
                                      0x010a8daa
                                      0x010a8daa
                                      0x010a8daa
                                      0x010a8daa
                                      0x010a8daf
                                      0x010a8db2
                                      0x010f05e6
                                      0x010f05e8
                                      0x010f05fe
                                      0x010f0605
                                      0x00000000
                                      0x010f0605
                                      0x010a8db8
                                      0x010a8dbe
                                      0x010a8dc3
                                      0x010f05ba
                                      0x00000000
                                      0x010f05c0
                                      0x010f05c9
                                      0x00000000
                                      0x010f05c9
                                      0x00000000
                                      0x010a8dc9
                                      0x010a8dc9
                                      0x010a8dc9
                                      0x010a8dc9
                                      0x010a8dce
                                      0x010a8dd1
                                      0x010f05e0
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010a8dd7
                                      0x010a8dd7
                                      0x010a8dd9
                                      0x00000000
                                      0x00000000
                                      0x010a8dd9
                                      0x010a8dd1
                                      0x010a8db2
                                      0x010a8ddd
                                      0x010a8de0
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 65a21433f3957287b6f07371d7e617a161432519a0077f7182143ca3407764e4
                                      • Instruction ID: 3e18e22a2e10c5ad17804280d33e3a33ac08199fea15209837b2a6ef8d23c92a
                                      • Opcode Fuzzy Hash: 65a21433f3957287b6f07371d7e617a161432519a0077f7182143ca3407764e4
                                      • Instruction Fuzzy Hash: 0221F338241A80CFE3A6DB6CC098B7677E4FB51B46F4884DBE9C28BA51C378D881C750
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01106C0A Relevance: .1, Instructions: 79COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E01106C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E010A7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1177b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = E010A4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E010CF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E010A7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E010C9AE0();
						_t23 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                      0x01106c0a
                                      0x01106c0f
                                      0x01106c10
                                      0x01106c13
                                      0x01106c15
                                      0x01106c19
                                      0x01106c1c
                                      0x01106c21
                                      0x01106c28
                                      0x01106c3a
                                      0x01106c2a
                                      0x01106c33
                                      0x01106c33
                                      0x01106c3f
                                      0x01106c48
                                      0x01106c4d
                                      0x01106c60
                                      0x01106c65
                                      0x01106c69
                                      0x01106c73
                                      0x01106c79
                                      0x01106c7f
                                      0x01106c86
                                      0x01106c90
                                      0x01106c94
                                      0x01106ca6
                                      0x01106cb2
                                      0x01106cbd
                                      0x01106cbd
                                      0x01106cc3
                                      0x01106cc7
                                      0x01106ccb
                                      0x01106cd0
                                      0x01106cd1
                                      0x01106ce2
                                      0x01106ce2
                                      0x01106c69
                                      0x01106ced

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e5f7899d02d96509a133869b24907351466e19ba7be26595cd5278ac53c5191
                                      • Instruction ID: 32948a4302a916a08a0cd9478a5c9ba17383e3f10d4aa1c95b4039dd8d473c31
                                      • Opcode Fuzzy Hash: 0e5f7899d02d96509a133869b24907351466e19ba7be26595cd5278ac53c5191
                                      • Instruction Fuzzy Hash: A521AB71A00645AFD716DBA8D980E6AB7B8FF48700F044069F944D7790D775ED10CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01084A20 Relevance: .1, Instructions: 78COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 64%
                                      			E01084A20(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				void* __ebp;
				char* _t21;
				void* _t32;
				intOrPtr* _t34;
				intOrPtr _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t40;
				void* _t50;

				if(E010A7D50() != 0) {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				} else {
					_t21 = 0x7ffe0386;
				}
				_t40 = _a4;
				if( *_t21 != 0) {
					E01159BBE(_t40,  *((intOrPtr*)(_t40 + 0x20)),  *((intOrPtr*)(_t40 + 0x24)),  *((intOrPtr*)(_t40 + 0x34)));
				}
				if(_a8 == 0 && ( *(_t40 + 0x1c) & 0x000000c0) != 0) {
					_push(2);
					_pop(0);
				}
				_t34 =  *((intOrPtr*)(_t40 + 0x14));
				_t36 =  *0x11786b8; // 0x0
				if(_t34 == 0) {
					_t34 = _t36;
					if(0 == 0) {
						_t34 =  *0x11786c0;
					}
				}
				_t50 = _t34 -  *0x11786c0; // 0xb207b0
				if(_t50 != 0) {
					__eflags = _t34 - _t36;
					if(__eflags != 0) {
						__eflags = 0xffffffff;
						asm("lock xadd [ecx], eax");
						if(0xffffffff == 0) {
							E01089240(_t32, _t34, _t38, _t40, 0xffffffff);
						}
						L11:
						if( *((intOrPtr*)(_t40 + 0x18)) != 0) {
							_push( *((intOrPtr*)(_t40 + 0x18)));
							E010C95D0();
						}
						if( *((intOrPtr*)(_t40 + 0x28)) != 0xffffffff) {
							E010B9B10( *((intOrPtr*)(_t40 + 0x28)));
						}
						if( *((intOrPtr*)(_t40 + 0x2c)) != 0) {
							E01090840(_t34,  *((intOrPtr*)(_t40 + 0x2c)));
						}
						return L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t40);
					}
					_t37 = 0x11786bc;
					_t34 = 0x11786b8;
					L10:
					E010B9B82(_t32, _t34, _t37, _t38, _t40, _t50);
					goto L11;
				}
				_t37 = 0x11786c4;
				_t34 = 0x11786c0;
				goto L10;
			}













                                      0x01084a31
                                      0x010e0a89
                                      0x01084a37
                                      0x01084a37
                                      0x01084a37
                                      0x01084a3f
                                      0x01084a42
                                      0x010e0a9e
                                      0x010e0a9e
                                      0x01084a4d
                                      0x01084abf
                                      0x01084ac1
                                      0x01084ac1
                                      0x01084a55
                                      0x01084a58
                                      0x01084a60
                                      0x01084a62
                                      0x01084a66
                                      0x01084a68
                                      0x01084a68
                                      0x01084a66
                                      0x01084a6e
                                      0x01084a74
                                      0x010e0aa8
                                      0x010e0aaa
                                      0x010e0abb
                                      0x010e0abe
                                      0x010e0ac2
                                      0x010e0ac8
                                      0x010e0ac8
                                      0x01084a89
                                      0x01084a8d
                                      0x010e0ad2
                                      0x010e0ad5
                                      0x010e0ad5
                                      0x01084a97
                                      0x010e0ae2
                                      0x010e0ae2
                                      0x01084aa1
                                      0x010e0aef
                                      0x010e0aef
                                      0x01084abc
                                      0x01084abc
                                      0x010e0aac
                                      0x010e0ab1
                                      0x01084a84
                                      0x01084a84
                                      0x00000000
                                      0x01084a84
                                      0x01084a7a
                                      0x01084a7f
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 29a604df5eedcfd54b4ceccc71739058860471f6cc06184b290a34533c72c1e9
                                      • Instruction ID: 3874207acdef2c08a52a80f2caa80dfd8cf12bc445f146072c78410f56bc7297
                                      • Opcode Fuzzy Hash: 29a604df5eedcfd54b4ceccc71739058860471f6cc06184b290a34533c72c1e9
                                      • Instruction Fuzzy Hash: 96212931204603DFCB76BB29C904B2BB7F5EB50224F144769F4D29A6E5D730A841CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C90AF Relevance: .1, Instructions: 76COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E010C90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E010DD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E010BE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = E010A4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E010CF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E010BA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                      0x010c90af
                                      0x010c90b8
                                      0x010c90bb
                                      0x010c90bf
                                      0x010c90c2
                                      0x010c90c2
                                      0x010c90c8
                                      0x010c90cb
                                      0x010c90cd
                                      0x011014d7
                                      0x011014eb
                                      0x011014eb
                                      0x00000000
                                      0x011014eb
                                      0x011014db
                                      0x011014e6
                                      0x00000000
                                      0x011014f2
                                      0x011014e8
                                      0x00000000
                                      0x011014e8
                                      0x010c90d8
                                      0x010c90da
                                      0x010c90dd
                                      0x010c90e5
                                      0x00000000
                                      0x010c9139
                                      0x010c90fa
                                      0x010c90fe
                                      0x010c9142
                                      0x00000000
                                      0x010c9142
                                      0x010c9104
                                      0x010c9107
                                      0x010c910b
                                      0x010c9110
                                      0x010c9118
                                      0x010c9147
                                      0x010c9148
                                      0x010c914f
                                      0x010c9150
                                      0x010c9151
                                      0x010c9152
                                      0x010c9156
                                      0x010c915d
                                      0x010c9160
                                      0x010c9168
                                      0x010c916c
                                      0x010c91bc
                                      0x010c91be
                                      0x00000000
                                      0x010c91be
                                      0x010c916e
                                      0x010c9173
                                      0x010c9176
                                      0x00000000
                                      0x00000000
                                      0x010c917c
                                      0x010c9180
                                      0x010c91b5
                                      0x00000000
                                      0x010c91b5
                                      0x010c9182
                                      0x010c9185
                                      0x010c9189
                                      0x00000000
                                      0x00000000
                                      0x010c918e
                                      0x010c9190
                                      0x010c9198
                                      0x00000000
                                      0x00000000
                                      0x010c91a0
                                      0x00000000
                                      0x010c91ad
                                      0x010c91ad
                                      0x010c91b0
                                      0x010c91b1
                                      0x00000000
                                      0x010c9185
                                      0x010c911a
                                      0x010c911c
                                      0x010c911f
                                      0x010c9125
                                      0x010c9127
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                      • Instruction ID: 8e12f572c786d76419abf4b003136d78017b4bde27ee4f7e6573aba4fb1086bb
                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                      • Instruction Fuzzy Hash: 8F217C71A00205EFDB21DF59C845AAEBBF8EB94714F15886EE989E7250D370E900CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B3B7A Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E010B3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x11784c4; // 0x0
				_v12 = 1;
				_v8 =  *0x11784c0 * 0x4c;
				_t41 = __ecx;
				_t35 = E010A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11784c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E010CAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E010CFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11784c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x11784c4; // 0x0
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                      0x010b3b89
                                      0x010b3b96
                                      0x010b3ba1
                                      0x010b3bab
                                      0x010b3bb5
                                      0x010b3bb9
                                      0x010f6298
                                      0x010b3bbf
                                      0x010b3bc2
                                      0x010b3bc3
                                      0x010b3bc9
                                      0x010b3bca
                                      0x010b3bcc
                                      0x010b3bcd
                                      0x010b3bd4
                                      0x010b3bd6
                                      0x010b3bdb
                                      0x010b3bea
                                      0x010b3bf7
                                      0x010b3bfb
                                      0x010b3bff
                                      0x010b3c09
                                      0x010b3c0a
                                      0x010b3c0b
                                      0x010b3c0f
                                      0x010b3c14
                                      0x010b3c18
                                      0x010b3c18
                                      0x010b3bfb
                                      0x010b3c1b
                                      0x010b3c30
                                      0x010b3c30
                                      0x010b3c3d

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ff88c111fdf7f4fbd947197767d35db5bf5eb8487957fa39c2224a297575d310
                                      • Instruction ID: 1b4c0866f5d81e43c0c44647223f1b3783c1c364bbf2e1b7c8285a673aefddd8
                                      • Opcode Fuzzy Hash: ff88c111fdf7f4fbd947197767d35db5bf5eb8487957fa39c2224a297575d310
                                      • Instruction Fuzzy Hash: FB219272A00509AFC714DF98CD85F9EBBBDFB44708F250068E605AB251D771ED41CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01084B94 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E01084B94(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _t38;
				intOrPtr _t39;
				intOrPtr _t41;
				signed int _t42;
				intOrPtr* _t46;
				intOrPtr* _t47;
				signed short _t50;
				intOrPtr _t51;
				signed int _t52;
				signed int _t54;
				intOrPtr _t56;
				signed int _t57;
				intOrPtr _t58;
				intOrPtr* _t59;

				_t58 = __ecx;
				_t56 =  *[fs:0x30];
				_v20 = __ecx;
				_v16 = _t56;
				if( *((intOrPtr*)(__ecx + 8)) == 0xddeeddee) {
					_t50 =  *(__ecx + 0x24) & 0x0000ffff;
				} else {
					_t50 =  *(__ecx + 0x7c) & 0x0000ffff;
				}
				_t38 =  *(_t56 + 0x88);
				if(_t38 == 0 || _t50 == 0) {
					L8:
					return _t38;
				} else {
					_t54 = _t50 & 0x0000ffff;
					if(_t54 > _t38) {
						goto L8;
					}
					_t51 =  *((intOrPtr*)(_t56 + 0x90));
					_v8 = _t38;
					_t46 = _t51 + _t54 * 4;
					_v12 = _t46;
					_t47 = _t46 + 0xfffffffc;
					_t11 =  &_v8;
					 *_t11 = _v8 - _t54;
					if( *_t11 != 0) {
						_t59 = _v12;
						_t57 = _v8;
						do {
							_t39 =  *_t59;
							_t59 = _t59 + 4;
							 *_t47 = _t39;
							if( *((intOrPtr*)(_t39 + 8)) == 0xddeeddee) {
								_t52 =  *(_t39 + 0x24) & 0x0000ffff;
							} else {
								_t52 =  *(_t39 + 0x7c) & 0x0000ffff;
							}
							E01084C73(_t39, _t52, _t52 - 1);
							_t41 =  *_t47;
							if( *((intOrPtr*)(_t41 + 8)) == 0xddeeddee) {
								 *((intOrPtr*)(_t41 + 0x24)) =  *((intOrPtr*)(_t41 + 0x24)) + 0xffff;
							} else {
								 *((intOrPtr*)(_t41 + 0x7c)) =  *((intOrPtr*)(_t41 + 0x7c)) + 0xffff;
							}
							_t47 = _t47 + 4;
							_t57 = _t57 - 1;
						} while (_t57 != 0);
						_t56 = _v16;
						_t58 = _v20;
						_t38 =  *(_t56 + 0x88);
						_t51 =  *((intOrPtr*)(_t56 + 0x90));
					}
					_t42 = _t38 - 1;
					 *(_t56 + 0x88) = _t42;
					 *(_t51 + _t42 * 4) =  *(_t51 + _t42 * 4) & 0x00000000;
					if( *((intOrPtr*)(_t58 + 8)) == 0xddeeddee) {
						 *((short*)(_t58 + 0x24)) = 0;
						return 0;
					}
					 *((short*)(_t58 + 0x7c)) = 0;
					return 0;
				}
			}





















                                      0x01084b9d
                                      0x01084ba0
                                      0x01084ba7
                                      0x01084bb1
                                      0x01084bb4
                                      0x010e0b4d
                                      0x01084bba
                                      0x01084bba
                                      0x01084bba
                                      0x01084bbe
                                      0x01084bc6
                                      0x01084c0c
                                      0x01084c0c
                                      0x01084bcd
                                      0x01084bcd
                                      0x01084bd2
                                      0x00000000
                                      0x00000000
                                      0x01084bd4
                                      0x01084bdb
                                      0x01084bde
                                      0x01084be1
                                      0x01084be4
                                      0x01084be7
                                      0x01084be7
                                      0x01084bea
                                      0x01084c0d
                                      0x01084c10
                                      0x01084c13
                                      0x01084c13
                                      0x01084c15
                                      0x01084c18
                                      0x01084c21
                                      0x01084c5f
                                      0x01084c23
                                      0x01084c23
                                      0x01084c23
                                      0x01084c2a
                                      0x01084c2f
                                      0x01084c3d
                                      0x01084c65
                                      0x01084c3f
                                      0x01084c3f
                                      0x01084c3f
                                      0x01084c43
                                      0x01084c46
                                      0x01084c46
                                      0x01084c4b
                                      0x01084c4e
                                      0x01084c51
                                      0x01084c57
                                      0x01084c57
                                      0x01084bec
                                      0x01084bed
                                      0x01084bf4
                                      0x01084bff
                                      0x01084c6d
                                      0x00000000
                                      0x01084c6d
                                      0x01084c03
                                      0x00000000
                                      0x01084c03

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                      • Instruction ID: 94d09247b9c93856b0362ee297b7ee4533b3a9b936b1e64f211535628d56b99c
                                      • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                      • Instruction Fuzzy Hash: B631C131908A2ADFD7A8EF69C480779F7F8FF44210F1586AAC8E9D7650E770A940CB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01106CF0 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E01106CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E010A7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1065c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E010BF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E010BF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01107016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L010A2400( &_v52);
								}
								_t21 = L010A2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                      0x01106cfb
                                      0x01106d00
                                      0x01106d02
                                      0x01106d06
                                      0x01106d0a
                                      0x01106d0e
                                      0x01106d19
                                      0x01106d2b
                                      0x01106d1b
                                      0x01106d24
                                      0x01106d24
                                      0x01106d33
                                      0x01106d39
                                      0x01106d46
                                      0x01106d4f
                                      0x01106d61
                                      0x01106d51
                                      0x01106d5a
                                      0x01106d5a
                                      0x01106d69
                                      0x01106d6b
                                      0x01106d6d
                                      0x01106d6f
                                      0x01106d6f
                                      0x01106d74
                                      0x01106d79
                                      0x01106d7a
                                      0x01106d7f
                                      0x01106d82
                                      0x01106d88
                                      0x01106d89
                                      0x01106d90
                                      0x01106d94
                                      0x01106da7
                                      0x01106db1
                                      0x01106db1
                                      0x01106dbb
                                      0x01106dbb
                                      0x01106d90
                                      0x01106d69
                                      0x01106d46
                                      0x01106dc6

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 56172b25e9f8f6898f8104cf8e05ebc32bbdc4e5149036fbe42f998b500a6e50
                                      • Instruction ID: 0ee7b15c2b467ea603108e97c5a497cffc901762cf22326a7f855323522952ee
                                      • Opcode Fuzzy Hash: 56172b25e9f8f6898f8104cf8e05ebc32bbdc4e5149036fbe42f998b500a6e50
                                      • Instruction Fuzzy Hash: 3E2128328042469BD316DF6CC944B9BBBECEF91250F040556FAC0C7290D774C958C7A2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0115070D Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0115070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E011507DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0114AFDE( &_v8,  &_v12);
					E01151293(_t38, _v28, _t60);
					if(E010A7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E011414FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                      0x0115071b
                                      0x01150724
                                      0x01150734
                                      0x01150738
                                      0x0115074b
                                      0x0115074b
                                      0x01150753
                                      0x01150753
                                      0x01150759
                                      0x0115075d
                                      0x01150774
                                      0x01150779
                                      0x0115077d
                                      0x01150789
                                      0x01150795
                                      0x011507a7
                                      0x01150797
                                      0x011507a0
                                      0x011507a0
                                      0x011507af
                                      0x011507c4
                                      0x011507cd
                                      0x011507cd
                                      0x011507af
                                      0x011507dc

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                      • Instruction ID: 7720f6a7322e470ff1daac4a2710c775853cfde590124c413d72d5936f93f8a5
                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                      • Instruction Fuzzy Hash: 83210437204600EFD709DF98C884BAABBA6EFD4750F048569FDA58B381D730D949CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108519E Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E0108519E(signed short* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _t17;
				signed int _t18;
				char _t27;
				signed short _t32;
				signed short* _t34;
				void* _t35;

				_t34 = __ecx;
				_t27 = 0;
				_t29 = 0;
				_t35 = E010852A5(0);
				if(_t35 == 0) {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_v12 =  *((intOrPtr*)(_t29 + 0x24));
					_t17 =  *((intOrPtr*)(_t29 + 0x28));
				} else {
					_v12 =  *((intOrPtr*)(_t35 + 0xc));
					_t17 =  *((intOrPtr*)(_t35 + 0x10));
				}
				_t32 = _v12;
				_v8 = _t17;
				_t18 =  *_t34 & 0x0000ffff;
				if(_t32 <= 6) {
					if(_t32 != _t18) {
						goto L4;
					}
					goto L10;
				} else {
					_t29 = (_t32 & 0x0000ffff) - 2;
					if((_t32 & 0x0000ffff) - 2 == _t18) {
						_v12 = _t32 + 0xfffe;
						L10:
						_t18 = E010A9DA0(_t29,  &_v12, _t34, 1);
						if(_t18 != 0) {
							_t27 = 1;
						}
					}
					L4:
					if(_t35 == 0) {
						E0109EB70(_t29, 0x11779a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t18 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t35 + 4)));
							E010C95D0();
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t35);
						}
					}
					return _t27;
				}
			}











                                      0x010851a9
                                      0x010851ab
                                      0x010851ad
                                      0x010851b4
                                      0x010851b8
                                      0x010e0c9c
                                      0x010e0ca2
                                      0x010e0ca5
                                      0x010851be
                                      0x010851c1
                                      0x010851c4
                                      0x010851c4
                                      0x010851c7
                                      0x010851cb
                                      0x010851ce
                                      0x010851d5
                                      0x010e0cbe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010851db
                                      0x010851de
                                      0x010851e3
                                      0x010e0cb5
                                      0x010e0cc4
                                      0x010e0ccb
                                      0x010e0cd2
                                      0x010e0cd8
                                      0x010e0cd8
                                      0x010e0cd2
                                      0x010851e9
                                      0x010851eb
                                      0x010e0ce4
                                      0x010851f1
                                      0x010851f4
                                      0x010851f8
                                      0x010e0cee
                                      0x010e0cf1
                                      0x010e0d03
                                      0x010e0d03
                                      0x010851f8
                                      0x01085206
                                      0x01085206

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d088463e66eb305adeb9c32beff1a12d8fbce4efbc5cedae57cb61d3a5380e54
                                      • Instruction ID: 1bb46b758b23acb6b221304b0c6ab07844d34045777dcdfffeb742d18ea61f73
                                      • Opcode Fuzzy Hash: d088463e66eb305adeb9c32beff1a12d8fbce4efbc5cedae57cb61d3a5380e54
                                      • Instruction Fuzzy Hash: 63112431A013059BCF60AB69C840ABABBE5EB14710F1401AAF8C693680DA71CC41C650
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01107794 Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E01107794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1177b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = E010A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E010CF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E010A7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E010C9AE0();
					_t24 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                      0x01107799
                                      0x0110779a
                                      0x0110779b
                                      0x011077a3
                                      0x011077ab
                                      0x011077ae
                                      0x011077b1
                                      0x011077b1
                                      0x011077bf
                                      0x011077c4
                                      0x011077c8
                                      0x011077ce
                                      0x011077d4
                                      0x011077e0
                                      0x011077e0
                                      0x011077d6
                                      0x011077d6
                                      0x011077de
                                      0x00000000
                                      0x00000000
                                      0x011077de
                                      0x011077e5
                                      0x011077f0
                                      0x011077f3
                                      0x011077f6
                                      0x011077fd
                                      0x01107800
                                      0x0110780c
                                      0x01107818
                                      0x0110782b
                                      0x0110781a
                                      0x01107823
                                      0x01107823
                                      0x01107830
                                      0x01107831
                                      0x01107838
                                      0x0110783d
                                      0x0110783e
                                      0x0110784f
                                      0x0110784f
                                      0x0110785a

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c369971392f6032088304480e1d6653fc9922b7fab506f699cd3582536df674c
                                      • Instruction ID: f5e59aa2ddfb6e463a373a74de178916b2c7a73c34d4019ae118c3a7c36b9700
                                      • Opcode Fuzzy Hash: c369971392f6032088304480e1d6653fc9922b7fab506f699cd3582536df674c
                                      • Instruction Fuzzy Hash: 4B21A172900604EBC729DFA9D884EABBBB9EF48740F10456DF64AC7790D734E900CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010812D4 Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E010812D4(intOrPtr __ecx, intOrPtr* _a4) {
				char _v8;
				char _v12;
				void* _t20;
				intOrPtr _t32;
				signed int _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;

				_push(__ecx);
				_push(__ecx);
				_t41 = 0;
				_t32 = __ecx;
				if( *_a4 != 0) {
					L8:
					_t20 = _t41;
					L9:
					return _t20;
				}
				if(__ecx <= 1) {
					_t32 = 0x25;
				}
				_t35 = 0x10;
				_t2 = _t32 - 1; // 0x24
				_t20 = E010BF3D5( &_v12, _t2 * _t35, _t2 * _t35 >> 0x20);
				if(_t20 < 0) {
					goto L9;
				} else {
					_t37 = _v12;
					_push( &_v8);
					_t39 = 0x34;
					_t41 = E01081C45(_v12, _t39);
					if(_t41 >= 0) {
						_t44 = E010A4620(_t37,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
						if(_t44 == 0) {
							_t41 = 0xc0000017;
						} else {
							E010CFA60(_t44, 0, _v8);
							 *((intOrPtr*)(_t44 + 0x2c)) = _t32;
							_t14 = _t44 + 0xc; // 0xc
							E010C58F0(0x3fff, 0x80000008, _t14);
							 *(_t44 + 8) =  *(_t44 + 8) & 0x00000000;
							 *_t44 = 0x6d6f7441;
							 *((intOrPtr*)(_t44 + 4)) = 1;
							 *_a4 = _t44;
						}
					}
					goto L8;
				}
			}











                                      0x010812d9
                                      0x010812da
                                      0x010812e0
                                      0x010812e2
                                      0x010812e6
                                      0x01081374
                                      0x01081374
                                      0x01081376
                                      0x0108137b
                                      0x0108137b
                                      0x010812ef
                                      0x010812f3
                                      0x010812f3
                                      0x010812f6
                                      0x010812f7
                                      0x01081301
                                      0x01081308
                                      0x00000000
                                      0x0108130a
                                      0x0108130a
                                      0x01081310
                                      0x01081313
                                      0x01081319
                                      0x0108131d
                                      0x01081333
                                      0x01081337
                                      0x0108137e
                                      0x01081339
                                      0x0108133f
                                      0x01081347
                                      0x0108134a
                                      0x01081358
                                      0x01081360
                                      0x01081364
                                      0x0108136a
                                      0x01081371
                                      0x01081371
                                      0x01081373
                                      0x00000000
                                      0x0108131d

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                      • Instruction ID: b315f35f50024cab77588760fc41d5532f96b94818801f2e452bb0179eb2db84
                                      • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                      • Instruction Fuzzy Hash: EB11E6B2600609EFD7219F98DC40FDEBBB8EF84750F108469FA859B580D671EE45CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BFD9B Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E010BFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E010976E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = E010A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                      0x010bfd9b
                                      0x010bfda0
                                      0x010bfda1
                                      0x010bfdab
                                      0x010bfdad
                                      0x010bfdb0
                                      0x010bfdb8
                                      0x010bfe0f
                                      0x010bfde6
                                      0x010bfde9
                                      0x010bfdec
                                      0x010fc0c0
                                      0x010bfdfe
                                      0x010bfe06
                                      0x010bfe06
                                      0x010fc0c8
                                      0x010bfe2d
                                      0x010bfe2d
                                      0x00000000
                                      0x010bfe2d
                                      0x010fc0d1
                                      0x010fc0e0
                                      0x010fc0e5
                                      0x010fc0e5
                                      0x010fc0e8
                                      0x00000000
                                      0x010fc0e8
                                      0x010bfdf4
                                      0x00000000
                                      0x00000000
                                      0x010bfdf6
                                      0x010bfdfa
                                      0x010bfe1a
                                      0x010bfe1f
                                      0x010bfe1f
                                      0x010bfdfc
                                      0x00000000
                                      0x010bfdfc
                                      0x010bfdcc
                                      0x010bfdd0
                                      0x010bfe26
                                      0x00000000
                                      0x010bfe26
                                      0x010bfdd8
                                      0x010bfddb
                                      0x010bfddd
                                      0x010bfde0
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                      • Instruction ID: ca5095b0eba72c9dbe4a3614bbd1de59a58e847771a60223f4abd221565a9414
                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                      • Instruction Fuzzy Hash: C8218E72600646DFD735DF4DCA80EA6F7E5EB94B10F2485BEE99687A11D7309C00CB80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B12BD Relevance: .1, Instructions: 67COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 95%
                                      			E010B12BD(intOrPtr __ecx) {
				signed int _v8;
				signed int _t22;
				signed int _t23;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				signed int _t44;
				intOrPtr _t47;

				_push(__ecx);
				_t47 =  *[fs:0x30];
				_t37 = __ecx;
				_t40 =  *(_t47 + 0x88);
				_t44 = ( *0x1178498 & 0x0000ffff) + _t40;
				if(_t44 >= 0xfffe) {
					L4:
					return _t22;
				}
				_t23 =  *(_t47 + 0x8c);
				if(_t44 == _t23) {
					 *(_t47 + 0x8c) = _t23 + _t23;
					_t22 = E010A4620(_t40,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t23 + _t23 << 2);
					_t41 = _t22;
					_v8 = _t41;
					if(_t41 == 0) {
						 *(_t47 + 0x8c) = _t44;
						goto L4;
					}
					E010CF3E0(_t41,  *(_t47 + 0x90),  *(_t47 + 0x88) << 2);
					_t30 =  *(_t47 + 0x90);
					if( *(_t47 + 0x90) != 0x1176660) {
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t30);
					}
					_t40 =  *(_t47 + 0x88);
					 *(_t47 + 0x90) = _v8;
				}
				 *((intOrPtr*)( *(_t47 + 0x90) + _t40 * 4)) = _t37;
				_t22 =  *(_t47 + 0x88) + 1;
				 *(_t47 + 0x88) = _t22;
				if( *((intOrPtr*)(_t37 + 8)) == 0xddeeddee) {
					 *(_t37 + 0x24) = _t22;
				} else {
					 *(_t37 + 0x7c) = _t22;
				}
				goto L4;
			}











                                      0x010b12c2
                                      0x010b12c5
                                      0x010b12cc
                                      0x010b12d6
                                      0x010b12dc
                                      0x010b12e4
                                      0x010b1313
                                      0x010b1319
                                      0x010b1319
                                      0x010b12e6
                                      0x010b12ee
                                      0x010b131c
                                      0x010b1331
                                      0x010b1336
                                      0x010b1338
                                      0x010b133d
                                      0x010b137d
                                      0x00000000
                                      0x010b137d
                                      0x010b1350
                                      0x010b1355
                                      0x010b1363
                                      0x010f5512
                                      0x010f5512
                                      0x010b136c
                                      0x010b1372
                                      0x010b1372
                                      0x010b12f6
                                      0x010b12ff
                                      0x010b1300
                                      0x010b130d
                                      0x010b1385
                                      0x010b130f
                                      0x010b130f
                                      0x010b130f
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3873f54feb8983dae3c0fbadc695d8313fccd4c73014de5000d45d44a9fc2e2c
                                      • Instruction ID: 8fdd736d1d690e387b889aa007ae8330e0b787576df9fa5368310db14500e095
                                      • Opcode Fuzzy Hash: 3873f54feb8983dae3c0fbadc695d8313fccd4c73014de5000d45d44a9fc2e2c
                                      • Instruction Fuzzy Hash: 83216A71601600EFD774CF68D890BAAB7E9FF48A50F00886DE5DEC7651EA70AD50CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C5A69 Relevance: .1, Instructions: 64COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 95%
                                      			E010C5A69(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				signed int _t18;
				char* _t22;
				char* _t28;
				signed char _t34;
				signed char _t35;
				void* _t47;
				intOrPtr* _t48;

				_t47 = __edx;
				_t48 = __ecx;
				if(( *0x11784b4 & 0x00000004) == 0) {
					_t18 =  *(__ecx + 0x5c) & 0x0000ffff;
					if(_t18 > 0x70 ||  *((intOrPtr*)(__ecx + 0x50)) < ( *(0x106ade8 + _t18 * 2) & 0x0000ffff) << 4) {
						goto L1;
					} else {
						asm("sbb bl, bl");
						_t35 = _t34 & 0x00000001;
						L2:
						if(E010A7D50() != 0) {
							_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						} else {
							_t22 = 0x7ffe038a;
						}
						if( *_t22 != 0) {
							L16:
							if(_t35 != 0) {
								E01141751(_t35,  *((intOrPtr*)( *((intOrPtr*)( *_t48 + 0xc)) + 0xc)),  *((intOrPtr*)(_t47 + 4)),  *(_t48 + 0x5c) & 0x0000ffff);
							}
							goto L8;
						} else {
							if(E010A7D50() != 0) {
								_t28 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t28 = 0x7ffe0380;
							}
							if( *_t28 != 0) {
								if(( *( *[fs:0x30] + 0x240) & 0x00000001) == 0) {
									goto L8;
								}
								goto L16;
							} else {
								L8:
								return _t35;
							}
						}
					}
				}
				L1:
				_t35 = 0;
				goto L2;
			}











                                      0x010c5a73
                                      0x010c5a75
                                      0x010c5a77
                                      0x010c5ab7
                                      0x010c5abe
                                      0x00000000
                                      0x010c5ad2
                                      0x010ffb3a
                                      0x010ffb3c
                                      0x010c5a7b
                                      0x010c5a82
                                      0x010ffb4c
                                      0x010c5a88
                                      0x010c5a88
                                      0x010c5a88
                                      0x010c5a90
                                      0x010ffb7c
                                      0x010ffb7e
                                      0x010ffb94
                                      0x010ffb94
                                      0x00000000
                                      0x010c5a96
                                      0x010c5a9d
                                      0x010ffb5f
                                      0x010c5aa3
                                      0x010c5aa3
                                      0x010c5aa3
                                      0x010c5aab
                                      0x010ffb76
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010c5ab3
                                      0x010c5ab3
                                      0x010c5ab6
                                      0x010c5ab6
                                      0x010c5aab
                                      0x010c5a90
                                      0x010c5abe
                                      0x010c5a79
                                      0x010c5a79
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 315ac868e952dcbff835f3435c0689fdfa326b8c334acb6ce5d92b9a102011b4
                                      • Instruction ID: 24d18ffff944d6e34336d3b5d1e669689aea0047f0382638d79f40f226fd7c97
                                      • Opcode Fuzzy Hash: 315ac868e952dcbff835f3435c0689fdfa326b8c334acb6ce5d92b9a102011b4
                                      • Instruction Fuzzy Hash: 4611033A3416528FD3259B2EC8E07B977E4EB05B48F08409EE9C287B51D369EC81CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BB390 Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E010BB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E010A2280(_t12, 0x1178608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E010C00C2(0x1178608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                      0x010bb395
                                      0x010bb3a2
                                      0x010bb3a5
                                      0x010bb3aa
                                      0x010bb3b2
                                      0x010bb3ba
                                      0x010bb3bd
                                      0x010bb3c0
                                      0x010bb3c4
                                      0x010bb3c9
                                      0x010fa3e9
                                      0x010fa3ed
                                      0x010fa3f0
                                      0x010fa3ff
                                      0x010fa403
                                      0x010fa409
                                      0x00000000
                                      0x00000000
                                      0x010fa40b
                                      0x010fa40b
                                      0x010fa40f
                                      0x010fa415
                                      0x010fa423
                                      0x010fa423
                                      0x010fa415
                                      0x010bb3d1
                                      0x010bb3e8
                                      0x010bb3e8
                                      0x010bb3d9

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8279ad071a3887dcb7dc4309af21ceac52d2003d04ac10903e52621b0efbb028
                                      • Instruction ID: 3f5065c3902f9816fca670e47d871da692ac17ac74e96aceb8fc7bb0b2219748
                                      • Opcode Fuzzy Hash: 8279ad071a3887dcb7dc4309af21ceac52d2003d04ac10903e52621b0efbb028
                                      • Instruction Fuzzy Hash: E2116F373051109BCB198A588DC19AF76A6EBC5B30B25817DEE56D7780C9315C02C790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01089240 Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E01089240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x115f708);
				E010DD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E010C95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E010C95D0();
				_t33 =  *0x11784c4; // 0x0
				L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x11784c4; // 0x0
				L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x11784c4; // 0x0
				E010A2280(L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11786b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E010C95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E010C95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01089325();
					_t50 =  *0x11784c4; // 0x0
					return E010DD0D1(L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                      0x01089240
                                      0x01089242
                                      0x01089247
                                      0x0108924c
                                      0x0108924e
                                      0x01089255
                                      0x01089257
                                      0x0108925a
                                      0x0108925f
                                      0x0108925f
                                      0x01089266
                                      0x01089271
                                      0x01089276
                                      0x01089279
                                      0x0108927e
                                      0x01089295
                                      0x0108929a
                                      0x010892b1
                                      0x010892b6
                                      0x010892d7
                                      0x010892dc
                                      0x010892e0
                                      0x010892e6
                                      0x010892e8
                                      0x010892ee
                                      0x01089332
                                      0x01089333
                                      0x01089337
                                      0x01089338
                                      0x0108933a
                                      0x0108933a
                                      0x0108933d
                                      0x01089342
                                      0x01089342
                                      0x01089345
                                      0x01089349
                                      0x0108934e
                                      0x01089352
                                      0x01089357
                                      0x010892f4
                                      0x010892f4
                                      0x010892f6
                                      0x010892f9
                                      0x01089300
                                      0x01089306
                                      0x01089324
                                      0x01089324

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6f7239cfcc02dafe8562a81789901ca2b94c27a63238ddbceeab9479b355f35c
                                      • Instruction ID: 7ae9973aa237d56d785f371efd4be377856b6ad88297822fff6ffcea5dcc8a23
                                      • Opcode Fuzzy Hash: 6f7239cfcc02dafe8562a81789901ca2b94c27a63238ddbceeab9479b355f35c
                                      • Instruction Fuzzy Hash: 59213C31041601DFC766FFA8CA40FA9BBF9BF28708F14856CE08A866A1C735E941DB44
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01083138 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E01083138(void* __ecx) {
				signed int _v8;
				char _v12;
				void* _t18;
				intOrPtr _t19;
				void* _t26;
				intOrPtr* _t28;
				char* _t32;
				intOrPtr* _t34;
				intOrPtr _t41;
				void* _t43;
				void* _t45;

				_push(__ecx);
				_push(__ecx);
				_t43 = __ecx;
				if(( *(__ecx + 0xc) & 0x00000001) != 0) {
					_t18 = 0;
				} else {
					_t34 = __ecx + 0x10;
					_t19 =  *_t34;
					_t28 =  *((intOrPtr*)(_t34 + 4));
					_t40 =  *((intOrPtr*)(_t19 + 4));
					if( *_t28 !=  *((intOrPtr*)(_t19 + 4)) ||  *_t28 != _t34) {
						_push(_t28);
						_push( *_t28);
						E0114A80D(0, 0xd, _t34, _t40);
					} else {
						 *_t28 = _t19;
						 *((intOrPtr*)(_t19 + 4)) = _t28;
					}
					_t41 =  *((intOrPtr*)(_t43 + 0x18));
					_v8 = _v8 & 0x00000000;
					_v12 =  *((intOrPtr*)(_t43 + 0x1c));
					_t45 = E010B174B( &_v12,  &_v8, 0x8000);
					if(E010A7D50() != 0) {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					} else {
						_t32 = 0x7ffe0388;
					}
					if( *_t32 != 0) {
						E0113FE3F(_t26, _t41, _v12, _v8);
					}
					_t18 = _t45;
				}
				return _t18;
			}














                                      0x0108313d
                                      0x0108313e
                                      0x01083140
                                      0x01083147
                                      0x010831ac
                                      0x01083149
                                      0x01083149
                                      0x0108314c
                                      0x0108314e
                                      0x01083151
                                      0x01083156
                                      0x010dfdb3
                                      0x010dfdb4
                                      0x010dfdbd
                                      0x01083164
                                      0x01083164
                                      0x01083166
                                      0x01083166
                                      0x0108316f
                                      0x01083172
                                      0x01083176
                                      0x01083187
                                      0x01083190
                                      0x010dfdd1
                                      0x01083196
                                      0x01083196
                                      0x01083196
                                      0x0108319e
                                      0x010dfde4
                                      0x010dfde4
                                      0x010831a4
                                      0x010831a4
                                      0x010831ab

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                      • Instruction ID: 0f0bf915c380d5a1b9710452e4456f003e19fe749ba1144f3ed6a87f6cc0e1ad
                                      • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                      • Instruction Fuzzy Hash: 3A11D031A05305EFDB25EB64C844F6AB7FAFBC5B14F108599E4828B241EB71E842CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114E962 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E0114E962(void* __ebx, void* __ecx, intOrPtr _a4, char* _a8) {
				char _v8;
				signed int _v12;
				char* _t26;
				void* _t31;
				unsigned int _t33;
				intOrPtr _t49;

				_t31 = __ebx;
				_push(__ecx);
				_push(__ecx);
				_t49 = _a4;
				_v12 =  *(_t49 + 0xc) & 0xffff0000;
				_t33 =  *(_t49 + 0x10);
				_t44 = 1 << (_t33 >> 0x00000002 & 0x0000003f);
				_t5 = _t44 - 1; // 0x0
				_t6 = _t44 - 1; // 0x0
				_t57 = _a8;
				_v8 = ((_t33 >> 0x00000001 & 1) + (_t33 >> 0xc) << 0xc) - 1 + (1 << (_t33 >> 0x00000002 & 0x0000003f)) - (_t5 + ((_t33 >> 0x00000001 & 1) + (_t33 >> 0x0000000c) << 0x0000000c) & _t6);
				E0114AFDE( &_v12,  &_v8, 0x8000,  *_a8,  *((intOrPtr*)(_a8 + 4)));
				if(E010A7D50() == 0) {
					_t26 = 0x7ffe0388;
				} else {
					_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t26 != 0) {
					E0113FE3F(_t31, _t57, _v12, _v8);
				}
				return E0114BCD2(_t49,  *_t57,  *((intOrPtr*)(_t57 + 4)));
			}









                                      0x0114e962
                                      0x0114e967
                                      0x0114e968
                                      0x0114e96b
                                      0x0114e976
                                      0x0114e979
                                      0x0114e990
                                      0x0114e997
                                      0x0114e99a
                                      0x0114e9a4
                                      0x0114e9b1
                                      0x0114e9be
                                      0x0114e9ca
                                      0x0114e9dc
                                      0x0114e9cc
                                      0x0114e9d5
                                      0x0114e9d5
                                      0x0114e9e4
                                      0x0114e9ee
                                      0x0114e9ee
                                      0x0114ea04

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                                      • Instruction ID: 16800cefc0cb4204d3acdff45731d0152c82ea25bc56551f1e8e93a509a5b62e
                                      • Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                                      • Instruction Fuzzy Hash: 5211C436A00519AFDB1DCB58C805AADBBB5FF84710F058269EC4597390EB35AD52CBD0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BDF4C Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E010BDF4C(signed int __eax, void* __ecx, signed int* __edx, signed int* _a4) {
				char _v8;
				signed int _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v49;
				void* _v50;
				void* __ebx;
				void* __edi;
				intOrPtr* _t71;
				signed int _t74;
				signed int _t75;
				intOrPtr _t80;
				intOrPtr* _t81;
				signed int _t87;
				signed int* _t92;
				signed int* _t99;
				signed int _t102;
				signed int _t104;
				unsigned int _t109;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr* _t119;
				char _t124;
				signed int _t125;
				signed int _t130;
				signed int _t132;
				void* _t134;
				signed int _t136;
				signed int _t137;
				intOrPtr* _t138;
				void* _t141;
				signed int _t144;
				signed int _t146;
				signed int _t150;
				void* _t152;

				_push(__ecx);
				_push(__ecx);
				_push(_t134);
				_t94 = __edx;
				_t141 = __ecx;
				asm("lock xadd [esi+0x2c], eax");
				if((__eax | 0xffffffff) == 1) {
					_t108 =  *((intOrPtr*)(__ecx + 0x28));
					if( *((intOrPtr*)(__ecx + 0x28)) != 0) {
						E0108A745(__edx, _t108, __edx, _t134);
					}
					_t71 = _t141 + 4;
					_t124 =  *_t71;
					if( *((intOrPtr*)(_t124 + 4)) != _t71) {
						L9:
						_t109 = 3;
						asm("int 0x29");
						_t152 = (_t150 & 0xfffffff8) - 0x1c;
						_v36 = _v36 & 0x00000000;
						_push(_t94);
						 *((char*)(_t152 + 0xb)) = _t124;
						 *(_t152 + 0x18) = _t109;
						_push(_t141);
						_push(_t134);
						_t99 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t109 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
						_t74 = 0;
						_t125 =  *_t99;
						 *(_t152 + 0x1c) = _t99;
						 *(_t152 + 0x12) = 0;
						if(_t125 != 0) {
							while((_t125 & 0x00000001) == 0) {
								_t74 = _t125;
								if((_t125 & 0x00000002) != 0) {
									asm("lock cmpxchg [ebx], ecx");
									if(_t74 != _t125) {
										goto L40;
									}
								} else {
									_t144 = _t125 | 0x00000002;
									asm("lock cmpxchg [ebx], ecx");
									if(_t74 != _t125) {
										L40:
										_t125 = _t74;
										if(_t74 != 0) {
											continue;
										} else {
										}
									} else {
										while(1) {
											L14:
											_t102 = _t144 & 0xfffffffc;
											 *(_t152 + 0x24) = _t102;
											_t136 = _t102;
											if( *((intOrPtr*)(_t102 + 0x10)) == 0) {
												goto L42;
											}
											L15:
											_t137 =  *((intOrPtr*)(_t136 + 0x10));
											 *((intOrPtr*)(_t102 + 0x10)) = _t137;
											while(_t137 != 0) {
												_t130 =  *((intOrPtr*)(_t137 + 0xc));
												_v32 = _t130;
												if( *_t137 !=  *((intOrPtr*)(_t152 + 0x20))) {
													L46:
													_t137 = _t130;
													continue;
												} else {
													_t114 =  *(_t137 + 8);
													if(_t137 != _t102) {
														 *(_t130 + 8) = _t114;
														_t115 =  *(_t137 + 8);
														_t80 =  *((intOrPtr*)(_t137 + 0xc));
														if(_t115 != 0) {
															 *((intOrPtr*)(_t115 + 0xc)) = _t80;
														} else {
															 *((intOrPtr*)(_t102 + 0x10)) = _t80;
															 *((intOrPtr*)( *((intOrPtr*)(_t137 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t137 + 0xc));
														}
														goto L23;
													} else {
														if(_t114 != 0) {
															_t114 = _t114 ^ (_t114 ^ _t144) & 0x00000003;
														}
														_t87 = _t144;
														asm("lock cmpxchg [ebx], edx");
														_t102 =  *(_t152 + 0x24);
														if(_t87 != _t144) {
															_t144 = _t87;
															goto L14;
														} else {
															_t132 =  *(_t137 + 8);
															_t118 = _t114 & 0xffffff00 | _t114 == 0x00000000;
															 *(_t152 + 0x12) = _t118;
															if(_t132 != 0) {
																 *(_t132 + 0xc) =  *(_t132 + 0xc) & 0x00000000;
																 *((intOrPtr*)(_t132 + 0x10)) =  *((intOrPtr*)(_t137 + 0x10));
																 *(_t152 + 0x12) = _t118;
															}
															_t130 = _v32;
															L23:
															_t116 = 2;
															_t41 = _t137 + 0x14; // 0x14
															_t81 = _t41;
															_t117 =  *_t81;
															 *_t81 = _t116;
															if(_t117 == 2) {
																goto L46;
															} else {
																if(_t117 == 0) {
																	 *(_t137 + 8) = _v36;
																	_v36 = _t137;
																}
																if( *((char*)(_t152 + 0x13)) != 0) {
																	goto L46;
																}
															}
														}
													}
												}
												break;
											}
											_t74 = _v36;
											if(_t74 != 0) {
												do {
													_push( *((intOrPtr*)(_t74 + 4)));
													_t146 =  *(_t74 + 8);
													E010C9BF0();
													_t74 = _t146;
												} while (_t146 != 0);
											}
											if( *(_t152 + 0x12) == 0) {
												_t113 =  *( *(_t152 + 0x1c));
												while(1) {
													_t104 = _t113 & 0x00000001;
													asm("sbb edx, edx");
													_t74 = _t113;
													asm("lock cmpxchg [esi], edx");
													if(_t74 == _t113) {
														break;
													}
													_t113 = _t74;
												}
												if(_t104 != 0) {
													_t74 = E0113CF30(_t74);
												}
											}
											goto L30;
											do {
												L42:
												_t75 = _t136;
												_t136 =  *(_t136 + 8);
												 *(_t136 + 0xc) = _t75;
											} while ( *((intOrPtr*)(_t136 + 0x10)) == 0);
											goto L15;
										}
									}
								}
								goto L30;
							}
						}
						L30:
						return _t74;
					} else {
						_t119 =  *((intOrPtr*)(_t71 + 4));
						if( *_t119 != _t71) {
							goto L9;
						} else {
							 *_t119 = _t124;
							 *((intOrPtr*)(_t124 + 4)) = _t119;
							_t138 =  *((intOrPtr*)(_t141 + 0x30));
							 *_t94 =  *((intOrPtr*)(_t141 + 0x38));
							 *_a4 =  *(_t141 + 0x3c);
							_t92 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t141);
							if(_t138 != 0) {
								 *_t138 = 1;
								_t92 =  &_v8;
								asm("lock or [eax], ecx");
								_push(0);
								L10();
							}
							goto L2;
						}
					}
				} else {
					_t92 = _a4;
					 *__edx =  *__edx & 0x00000000;
					 *_t92 =  *_t92 & 0x00000000;
					L2:
					return _t92;
				}
			}












































                                      0x010bdf51
                                      0x010bdf52
                                      0x010bdf55
                                      0x010bdf56
                                      0x010bdf58
                                      0x010bdf5d
                                      0x010bdf63
                                      0x010bdf77
                                      0x010bdf7c
                                      0x010bdfd3
                                      0x010bdfd3
                                      0x010bdf7e
                                      0x010bdf81
                                      0x010bdf86
                                      0x010bdfda
                                      0x010bdfdc
                                      0x010bdfdd
                                      0x010bdfe7
                                      0x010bdff0
                                      0x010bdff5
                                      0x010bdff8
                                      0x010be005
                                      0x010be00f
                                      0x010be010
                                      0x010be011
                                      0x010be014
                                      0x010be016
                                      0x010be018
                                      0x010be01c
                                      0x010be022
                                      0x010be028
                                      0x010be031
                                      0x010be036
                                      0x010fb47d
                                      0x010fb483
                                      0x00000000
                                      0x00000000
                                      0x010be03c
                                      0x010be03e
                                      0x010be043
                                      0x010be049
                                      0x010fb489
                                      0x010fb489
                                      0x010fb48d
                                      0x00000000
                                      0x00000000
                                      0x010fb493
                                      0x00000000
                                      0x010be04f
                                      0x010be04f
                                      0x010be051
                                      0x010be054
                                      0x010be058
                                      0x010be05e
                                      0x00000000
                                      0x00000000
                                      0x010be064
                                      0x010be064
                                      0x010be067
                                      0x010be06a
                                      0x010be076
                                      0x010be079
                                      0x010be07f
                                      0x010fb4cc
                                      0x010fb4cc
                                      0x00000000
                                      0x010be085
                                      0x010be085
                                      0x010be08a
                                      0x010be11c
                                      0x010be11f
                                      0x010be122
                                      0x010be127
                                      0x010be164
                                      0x010be129
                                      0x010be129
                                      0x010be12f
                                      0x010be12f
                                      0x00000000
                                      0x010be090
                                      0x010be092
                                      0x010fb4b2
                                      0x010fb4b2
                                      0x010be09e
                                      0x010be0a0
                                      0x010be0a4
                                      0x010be0aa
                                      0x010fb4d3
                                      0x00000000
                                      0x010be0b0
                                      0x010be0b0
                                      0x010be0b5
                                      0x010be0b8
                                      0x010be0be
                                      0x010fb4b9
                                      0x010fb4c0
                                      0x010fb4c3
                                      0x010fb4c3
                                      0x010be0c4
                                      0x010be0c8
                                      0x010be0ca
                                      0x010be0cb
                                      0x010be0cb
                                      0x010be0ce
                                      0x010be0ce
                                      0x010be0d3
                                      0x00000000
                                      0x010be0d9
                                      0x010be0db
                                      0x010be0e1
                                      0x010be0e4
                                      0x010be0e4
                                      0x010be0ed
                                      0x00000000
                                      0x00000000
                                      0x010be0ed
                                      0x010be0d3
                                      0x010be0aa
                                      0x010be08a
                                      0x00000000
                                      0x010be07f
                                      0x010be0f3
                                      0x010be0f9
                                      0x010be0fb
                                      0x010be0fb
                                      0x010be0fe
                                      0x010be101
                                      0x010be106
                                      0x010be108
                                      0x010be0fb
                                      0x010be111
                                      0x010be138
                                      0x010be13a
                                      0x010be13e
                                      0x010be148
                                      0x010be14e
                                      0x010be150
                                      0x010be156
                                      0x00000000
                                      0x00000000
                                      0x010be16c
                                      0x010be16c
                                      0x010be15a
                                      0x010be15d
                                      0x010be15d
                                      0x010be15a
                                      0x00000000
                                      0x010fb498
                                      0x010fb498
                                      0x010fb498
                                      0x010fb49a
                                      0x010fb49d
                                      0x010fb4a0
                                      0x00000000
                                      0x010fb4a6
                                      0x010be04f
                                      0x010be049
                                      0x00000000
                                      0x010be036
                                      0x010be028
                                      0x010be113
                                      0x010be119
                                      0x010bdf88
                                      0x010bdf88
                                      0x010bdf8d
                                      0x00000000
                                      0x010bdf8f
                                      0x010bdf8f
                                      0x010bdf91
                                      0x010bdf97
                                      0x010bdf9a
                                      0x010bdfa5
                                      0x010bdfb0
                                      0x010bdfb7
                                      0x010bdfb9
                                      0x010bdfbf
                                      0x010bdfc4
                                      0x010bdfc7
                                      0x010bdfcc
                                      0x010bdfcc
                                      0x00000000
                                      0x010bdfb7
                                      0x010bdf8d
                                      0x010bdf65
                                      0x010bdf65
                                      0x010bdf68
                                      0x010bdf6b
                                      0x010bdf6e
                                      0x010bdf74
                                      0x010bdf74

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
                                      • Instruction ID: 2dd650cea8d2818ae0348bae6c4b49c656f1d0cc8c595cfdf89ef0c3330c6c60
                                      • Opcode Fuzzy Hash: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
                                      • Instruction Fuzzy Hash: 9F11D0712056029FC729DF58C480BA6FBF6FF45324F0181ADE44A8B6A0E770EC01CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01114257 Relevance: .1, Instructions: 60COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 90%
                                      			E01114257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x11608d0);
				E010DD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E011141E8(__ebx, __edi, __ecx, _t39);
				E0109EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x11787e4;
					_t18 =  *0x11787e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1175cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x11787e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x11787e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01087055(_t31 + 0xfffffff8);
								_t24 =  *0x11787e0; // 0x0
								_t18 = _t24 - 1;
								 *0x11787e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1175cd0;
				if( *0x1175cd0 <= 0) {
					L01087055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x11787e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x11787e8 = _t30;
						 *0x11787e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E010DD0D1(L01114320());
			}















                                      0x01114257
                                      0x01114257
                                      0x01114257
                                      0x01114259
                                      0x0111425e
                                      0x01114263
                                      0x01114265
                                      0x01114273
                                      0x01114278
                                      0x0111427c
                                      0x0111427f
                                      0x01114281
                                      0x01114287
                                      0x011142d7
                                      0x011142d7
                                      0x011142da
                                      0x0111428d
                                      0x0111428d
                                      0x0111428f
                                      0x01114292
                                      0x01114297
                                      0x0111429c
                                      0x011142a0
                                      0x011142a6
                                      0x011142a8
                                      0x011142ae
                                      0x011142b3
                                      0x00000000
                                      0x011142ba
                                      0x011142ba
                                      0x011142bf
                                      0x011142c5
                                      0x011142ca
                                      0x011142cf
                                      0x011142d0
                                      0x00000000
                                      0x011142d0
                                      0x011142b3
                                      0x00000000
                                      0x011142a6
                                      0x0111429c
                                      0x011142dc
                                      0x011142dc
                                      0x011142e3
                                      0x01114309
                                      0x011142e5
                                      0x011142e5
                                      0x011142e8
                                      0x011142ee
                                      0x011142f0
                                      0x00000000
                                      0x011142f2
                                      0x011142f2
                                      0x011142f4
                                      0x011142f7
                                      0x011142f9
                                      0x01114300
                                      0x01114300
                                      0x011142f0
                                      0x0111430e
                                      0x0111431f

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 97a42e98d23ebe5244c9604c812f39f0d2e95671cfdf06d729f2c13db955002c
                                      • Instruction ID: 3be93f7a263e6863d11a4bd967996c9f009ceb86f64134c643fc116113942f99
                                      • Opcode Fuzzy Hash: 97a42e98d23ebe5244c9604c812f39f0d2e95671cfdf06d729f2c13db955002c
                                      • Instruction Fuzzy Hash: 84215870500B01CFC72DDF68E004A98FBB1FB89755B20827AD1A68BB99DB3194D1CF01
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B2397 Relevance: .1, Instructions: 59COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 29%
                                      			E010B2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x117848c != 0) {
					L010AFAD0(0x1178610);
					if( *0x117848c == 0) {
						E010AFA00(0x1178610, _t19, _t27, 0x1178610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = L010B2581(0x1178610, 0x10650a0, _t26, _t27, _t28);
						E010AFA00(0x1178610, 0x10650a0, _t27, 0x1178610);
					}
				} else {
					L1:
					_t11 =  *0x1178614; // 0x0
					if(_t11 == 0) {
						_t11 = E010C4886(0x1061088, 1, 0x1178614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = L010B2581(0x1178610, (_t11 << 4) + 0x1065070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                      0x010b23b0
                                      0x010b23b6
                                      0x010b2409
                                      0x010b2415
                                      0x010f5ae9
                                      0x00000000
                                      0x010b241b
                                      0x010b241b
                                      0x010b241d
                                      0x010b2427
                                      0x010b242e
                                      0x010b2430
                                      0x010b2430
                                      0x010b23b8
                                      0x010b23b8
                                      0x010b23b8
                                      0x010b23bf
                                      0x010b23fc
                                      0x010b23fc
                                      0x010b23c1
                                      0x010b23c3
                                      0x010b23d0
                                      0x010b23d8
                                      0x010b23d8
                                      0x010b23dc
                                      0x010b23de
                                      0x010b23e1
                                      0x010b23e1
                                      0x010b23ec

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 823edda7c9dabd19d68055f49660b2c260be239e9dcdc8fa78f896fbf57575ed
                                      • Instruction ID: 9f7077b12e0d20b80c73435e7db9b5a6217d9525feba94f5646846e010dbcff0
                                      • Opcode Fuzzy Hash: 823edda7c9dabd19d68055f49660b2c260be239e9dcdc8fa78f896fbf57575ed
                                      • Instruction Fuzzy Hash: 3311497174430167E734A62DDCD4BDEB6ECFBA0A60F14846AF683AB291DAB0F840C754
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C37F5 Relevance: .1, Instructions: 57COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E010C37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E010A2280(_t6, 0x1178550);
				}
				_t29 = E010C387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0109FFB0(0x1178550, _t27, 0x1178550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                      0x010c37fa
                                      0x010c37fc
                                      0x010c3805
                                      0x010c3808
                                      0x010c3808
                                      0x010c3814
                                      0x010c3818
                                      0x010c3846
                                      0x010c3848
                                      0x010c384b
                                      0x010c384b
                                      0x010c3852
                                      0x00000000
                                      0x010c3854
                                      0x010c3856
                                      0x00000000
                                      0x00000000
                                      0x010c3863
                                      0x00000000
                                      0x010c3863
                                      0x010c381a
                                      0x010c381a
                                      0x010c381f
                                      0x010c386e
                                      0x010c386e
                                      0x010c3871
                                      0x010c3873
                                      0x010c3873
                                      0x010c3868
                                      0x00000000
                                      0x010c3868
                                      0x010c3821
                                      0x010c3826
                                      0x00000000
                                      0x00000000
                                      0x010c3828
                                      0x010c382a
                                      0x010c3841
                                      0x00000000
                                      0x010c3841

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ec82050fb5c56512da062decb00365c15cd12e6899905b762680196df5d4f275
                                      • Instruction ID: b79e5dc288b56c123e4ff6387aae0fba7a1980933ff28319542da92ae69379ef
                                      • Opcode Fuzzy Hash: ec82050fb5c56512da062decb00365c15cd12e6899905b762680196df5d4f275
                                      • Instruction Fuzzy Hash: 6D01A1729117119BC3278B5E9940A2FBBF6FF86E50B1580ADF9898F215D730C805CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01084CB0 Relevance: .1, Instructions: 56COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 84%
                                      			E01084CB0(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, void* _a16) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				void* _t26;
				void* _t32;
				void* _t37;
				intOrPtr _t38;
				intOrPtr _t41;

				_t35 = __ecx;
				_push(__ecx);
				_push(_t32);
				_t41 = _a4;
				_push(_t38);
				if(_t41 == 0) {
					L8:
					E011588F5(_t32, _t35, _t37, _t38, _t41, __eflags);
					_t21 = 0xc000000d;
					L6:
					return _t21;
				}
				_t22 =  *((intOrPtr*)(_t41 + 0x4c));
				if(_t22 == 0) {
					goto L8;
				}
				_t38 = _a8;
				if( *((intOrPtr*)(_t22 + 0xa8)) != _t38 || ( *(_t41 + 0x84) & 0x00000001) != 0) {
					goto L8;
				} else {
					_t34 = _a16;
					_t23 =  *0x11784c4; // 0x0
					_t36 =  *(_a16 + 2) & 0x0000ffff;
					_v8 =  *(_a16 + 2) & 0x0000ffff;
					_t26 = E010A4620( *(_a16 + 2) & 0x0000ffff,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0x80000, _t36);
					 *((intOrPtr*)(_t41 + 0x78)) = _t26;
					if(_t26 == 0) {
						_t21 = 0xc0000017;
					} else {
						E010CF3E0(_t26, _t34, _v8);
						 *((intOrPtr*)(_t41 + 0x7c)) = _t38;
						asm("lock inc dword [eax]");
						 *(_t41 + 0x84) =  *(_t41 + 0x84) | 0x00000001;
						 *(_t41 + 0x80) = _a12 | 0x00040000;
						_t21 = 0;
					}
					goto L6;
				}
			}
















                                      0x01084cb0
                                      0x01084cb5
                                      0x01084cb6
                                      0x01084cb8
                                      0x01084cbb
                                      0x01084cbe
                                      0x01084d50
                                      0x01084d50
                                      0x01084d55
                                      0x01084d40
                                      0x01084d46
                                      0x01084d46
                                      0x01084cc4
                                      0x01084cc9
                                      0x00000000
                                      0x00000000
                                      0x01084ccf
                                      0x01084cd8
                                      0x00000000
                                      0x01084ce3
                                      0x01084ce3
                                      0x01084ce6
                                      0x01084cf0
                                      0x01084cfc
                                      0x01084d02
                                      0x01084d07
                                      0x01084d0c
                                      0x01084d49
                                      0x01084d0e
                                      0x01084d13
                                      0x01084d18
                                      0x01084d26
                                      0x01084d2c
                                      0x01084d38
                                      0x01084d3e
                                      0x01084d3e
                                      0x00000000
                                      0x01084d0c

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7d24482abc6a6f43c263bc04fae270a717baf76fe5133be9a2768abace7a837e
                                      • Instruction ID: ab345be5ff59ce5b6b22f4b6125e5341e0f2107a8e2a6c6537f6d1a4b42cd510
                                      • Opcode Fuzzy Hash: 7d24482abc6a6f43c263bc04fae270a717baf76fe5133be9a2768abace7a837e
                                      • Instruction Fuzzy Hash: 2F11A371604706EFD712EF59D841BA777E8EF44314F054469EAD5CB211EB71EC008BA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B002D Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E010A7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E010A7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E010A7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E010A7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                      0x010b0032
                                      0x010b0037
                                      0x010b0043
                                      0x010f4b3a
                                      0x010b0049
                                      0x010b0049
                                      0x010b0049
                                      0x010b004e
                                      0x010b0053
                                      0x010f4b48
                                      0x010f4b5a
                                      0x010f4b4a
                                      0x010f4b53
                                      0x010f4b53
                                      0x010f4b5f
                                      0x00000000
                                      0x010f4b61
                                      0x00000000
                                      0x010f4b61
                                      0x010b0059
                                      0x010b0059
                                      0x010b0060
                                      0x010f4b6f
                                      0x010f4b6f
                                      0x010b0069
                                      0x010f4b83
                                      0x00000000
                                      0x00000000
                                      0x010f4b90
                                      0x010f4b9b
                                      0x010f4b9b
                                      0x010f4ba4
                                      0x00000000
                                      0x00000000
                                      0x010f4baa
                                      0x00000000
                                      0x010b006f
                                      0x010b006f
                                      0x00000000
                                      0x010b006f
                                      0x010b0069

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                      • Instruction ID: 31dac44514e5c756ad9e6c23390e00e39488a57373793bfc556535ef7ccb3194
                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                      • Instruction Fuzzy Hash: 8E11E1322116858FE7639B6CC985BBB3BF4AF41754F0900E4FE84C7AA3D72AD841C660
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108A745 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E0108A745(void* __ebx, void* __ecx, void* __edx, void* __edi) {
				signed int _v12;
				void* __esi;
				intOrPtr _t7;
				signed int _t9;
				intOrPtr* _t12;
				intOrPtr _t15;
				void* _t19;
				intOrPtr _t20;
				void* _t23;
				intOrPtr* _t28;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				void* _t35;
				signed int _t37;

				_push(__ecx);
				_t7 =  *0x11784cc; // 0x0
				_t34 = __ecx;
				_t9 = E010A2280(_t7 + 0x18, _t7 + 0x18);
				asm("lock xadd [esi+0x14], eax");
				if((_t9 | 0xffffffff) == 1) {
					_t2 = _t34 + 8; // 0x8
					_t12 = _t2;
					_t30 =  *_t12;
					if( *((intOrPtr*)(_t30 + 4)) != _t12) {
						L7:
						asm("int 0x29");
						_t32 = 3;
						_pop(_t35);
						_pop(_t23);
						return E010CB640(0xc00000f0, _t23, _v12 ^ _t37, _t30, _t32, _t35);
					} else {
						_t28 =  *((intOrPtr*)(_t12 + 4));
						if( *_t28 != _t12) {
							goto L7;
						} else {
							_t15 =  *0x11784cc; // 0x0
							 *_t28 = _t30;
							 *((intOrPtr*)(_t30 + 4)) = _t28;
							E0109FFB0(__ebx, __edi, _t15 + 0x18);
							_t19 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t34);
							goto L2;
						}
					}
				} else {
					_t20 =  *0x11784cc; // 0x0
					_t19 = E0109FFB0(__ebx, __edi, _t20 + 0x18);
					L2:
					return _t19;
				}
			}


















                                      0x0108a74a
                                      0x0108a74b
                                      0x0108a754
                                      0x0108a757
                                      0x0108a75f
                                      0x0108a765
                                      0x010e440f
                                      0x010e440f
                                      0x010e4412
                                      0x010e4417
                                      0x010e4449
                                      0x010e444c
                                      0x0108a86a
                                      0x0108a86b
                                      0x0108a86e
                                      0x0108a877
                                      0x010e4419
                                      0x010e4419
                                      0x010e441e
                                      0x00000000
                                      0x010e4420
                                      0x010e4420
                                      0x010e4428
                                      0x010e442b
                                      0x010e442e
                                      0x010e443f
                                      0x00000000
                                      0x010e443f
                                      0x010e441e
                                      0x0108a76b
                                      0x0108a76b
                                      0x0108a774
                                      0x0108a779
                                      0x0108a77d
                                      0x0108a77d

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9507eaf3be90ed2fc0f73f6933b70b8ce62fe959e5906108bbf79685559e5f60
                                      • Instruction ID: ae8a14187dc55bf2bd32c40feb36510083278dca9b22f27a1693d7820bf0e3e5
                                      • Opcode Fuzzy Hash: 9507eaf3be90ed2fc0f73f6933b70b8ce62fe959e5906108bbf79685559e5f60
                                      • Instruction Fuzzy Hash: 4101D272201206DBC324EF6AEC04BAAB7E8EB41321B0442AEE599CB341CE75D841CBD0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01089080 Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E01089080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x11785ec;
				E010A2280(_t48, 0x11785ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0109FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x117538c; // 0x77996828
					if( *_t84 != 0x1175388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x115f6e8);
						E010DD0E8(0x11785ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E011588F5(_t80, _t85, 0x1175388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x11786c0; // 0xb207b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x11786b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E010A2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E011588F5(0x11785ec, _t85, 0x1175388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E010CAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x117b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x11784c0;
																			if(_t82 >=  *0x11784c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01159063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0108922A(_t99);
										_t64 = E010A7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01158B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x11786c0; // 0xb207b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x11786b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x11786bc;
													_t87 = 0x11786b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01089240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x11786c4;
												_t87 = 0x11786c0;
												L27:
												E010B9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E010DD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1175388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x117538c = _t51;
						goto L6;
					}
				}
			}




















                                      0x01089082
                                      0x01089083
                                      0x01089084
                                      0x01089085
                                      0x01089087
                                      0x01089096
                                      0x01089098
                                      0x01089098
                                      0x0108909e
                                      0x010890a8
                                      0x010890e7
                                      0x010890e7
                                      0x010890aa
                                      0x010890b0
                                      0x010890b7
                                      0x010890bd
                                      0x010890dd
                                      0x010890e6
                                      0x010890bf
                                      0x010890bf
                                      0x010890c7
                                      0x010890cf
                                      0x010890f1
                                      0x010890f2
                                      0x010890f4
                                      0x010890f5
                                      0x010890f6
                                      0x010890f7
                                      0x010890f8
                                      0x010890f9
                                      0x010890fa
                                      0x010890fb
                                      0x010890fc
                                      0x010890fd
                                      0x010890fe
                                      0x010890ff
                                      0x01089100
                                      0x01089102
                                      0x01089107
                                      0x0108910c
                                      0x01089110
                                      0x01089113
                                      0x01089115
                                      0x01089136
                                      0x0108913f
                                      0x01089143
                                      0x010e37e4
                                      0x010e37e4
                                      0x01089117
                                      0x01089117
                                      0x0108911d
                                      0x00000000
                                      0x0108911f
                                      0x0108911f
                                      0x01089125
                                      0x00000000
                                      0x01089127
                                      0x0108912d
                                      0x01089130
                                      0x01089134
                                      0x01089158
                                      0x0108915d
                                      0x01089161
                                      0x01089168
                                      0x010e3715
                                      0x0108916e
                                      0x0108916e
                                      0x01089175
                                      0x01089177
                                      0x0108917e
                                      0x0108917f
                                      0x01089182
                                      0x01089182
                                      0x01089187
                                      0x01089187
                                      0x0108918a
                                      0x0108918d
                                      0x0108918f
                                      0x01089192
                                      0x01089195
                                      0x01089198
                                      0x01089198
                                      0x01089198
                                      0x0108919a
                                      0x00000000
                                      0x00000000
                                      0x010e371f
                                      0x010e3721
                                      0x010e3727
                                      0x010e372f
                                      0x010e3733
                                      0x010e3735
                                      0x010e3738
                                      0x010e373b
                                      0x010e373d
                                      0x010e3740
                                      0x00000000
                                      0x010e3746
                                      0x010e3746
                                      0x010e3749
                                      0x00000000
                                      0x010e374f
                                      0x010e374f
                                      0x010e3751
                                      0x010e3757
                                      0x010e3759
                                      0x010e375c
                                      0x010e375c
                                      0x010e375e
                                      0x010e375e
                                      0x010e3761
                                      0x010e3764
                                      0x00000000
                                      0x00000000
                                      0x010e3766
                                      0x010e3768
                                      0x010e37a3
                                      0x010e37a3
                                      0x010e37a5
                                      0x010e37a7
                                      0x010e37ad
                                      0x010e37b0
                                      0x010e37b2
                                      0x010e37bc
                                      0x010e37c2
                                      0x010e37c2
                                      0x010e37b2
                                      0x01089187
                                      0x01089187
                                      0x0108918a
                                      0x0108918d
                                      0x0108918f
                                      0x01089192
                                      0x01089195
                                      0x00000000
                                      0x01089195
                                      0x00000000
                                      0x010e376a
                                      0x010e376a
                                      0x010e376a
                                      0x010e376c
                                      0x010e376c
                                      0x010e376f
                                      0x010e3775
                                      0x00000000
                                      0x00000000
                                      0x010e3777
                                      0x010e3779
                                      0x010e3782
                                      0x010e3787
                                      0x010e3789
                                      0x010e3790
                                      0x010e3790
                                      0x010e378b
                                      0x010e378b
                                      0x010e378b
                                      0x010e3792
                                      0x010e3795
                                      0x00000000
                                      0x010e3795
                                      0x00000000
                                      0x010e3779
                                      0x010e3798
                                      0x00000000
                                      0x010e3798
                                      0x00000000
                                      0x010e3768
                                      0x010e379b
                                      0x010e379b
                                      0x010e3751
                                      0x010e3749
                                      0x00000000
                                      0x010e3740
                                      0x010891a0
                                      0x010891a3
                                      0x010891a9
                                      0x010891b0
                                      0x00000000
                                      0x010891b0
                                      0x01089187
                                      0x010891b4
                                      0x010891b4
                                      0x010891bb
                                      0x010891c0
                                      0x010891c5
                                      0x010891c7
                                      0x010e37da
                                      0x010891cd
                                      0x010891cd
                                      0x010891cd
                                      0x010891d2
                                      0x010891d5
                                      0x01089239
                                      0x01089239
                                      0x010891d7
                                      0x010891db
                                      0x010891e1
                                      0x010891e7
                                      0x010891fd
                                      0x01089203
                                      0x0108921e
                                      0x01089223
                                      0x00000000
                                      0x01089205
                                      0x01089205
                                      0x01089208
                                      0x0108920c
                                      0x01089214
                                      0x01089214
                                      0x0108920c
                                      0x010891e9
                                      0x010891e9
                                      0x010891ee
                                      0x010891f3
                                      0x010891f3
                                      0x010891f3
                                      0x010891e7
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01089134
                                      0x01089125
                                      0x0108911d
                                      0x0108914e
                                      0x010890d1
                                      0x010890d1
                                      0x010890d3
                                      0x010890d6
                                      0x010890d8
                                      0x00000000
                                      0x010890d8
                                      0x010890cf

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a23acbded21d6298c0873f85a7e72153dd09be933a99c156b1de683414bc4a05
                                      • Instruction ID: 77a305c8a42280fcef7edee0a5c51c0733fd6ca4e73dc176a8ac549ef4a05264
                                      • Opcode Fuzzy Hash: a23acbded21d6298c0873f85a7e72153dd09be933a99c156b1de683414bc4a05
                                      • Instruction Fuzzy Hash: 3601F4725092048FD369AF08D840B257BF9EF85324F218076E1859B7A2C370EC82CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0111C450 Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E0111C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E010C9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E010C95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E010C95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E010C95D0();
				return L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                      0x0111c458
                                      0x0111c45d
                                      0x0111c466
                                      0x0111c468
                                      0x0111c469
                                      0x0111c46a
                                      0x0111c46b
                                      0x0111c46e
                                      0x0111c46f
                                      0x0111c471
                                      0x0111c476
                                      0x0111c476
                                      0x0111c47c
                                      0x0111c47e
                                      0x0111c480
                                      0x0111c480
                                      0x0111c483
                                      0x0111c484
                                      0x0111c486
                                      0x0111c488
                                      0x0111c48f
                                      0x0111c491
                                      0x0111c493
                                      0x0111c493
                                      0x0111c48f
                                      0x0111c498
                                      0x0111c49e
                                      0x0111c4ad
                                      0x0111c4ad
                                      0x0111c4b2
                                      0x0111c4b4
                                      0x0111c4cd

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                      • Instruction ID: d132286acc294b6092ef1e1adeed34d52e027cce8c88d6075fa3a6e834c3903e
                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                      • Instruction Fuzzy Hash: 4C019272180506FFE725AF69CC80EA6FB6DFF64794F004529F25442960DB22ACA0CBE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B3B5A Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B3B5A(void* __eax, intOrPtr __ebx, void* __edi, intOrPtr __esi) {
				void* _t14;
				intOrPtr _t15;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t23;
				intOrPtr _t27;
				intOrPtr _t31;
				intOrPtr _t37;
				void* _t39;

				_t37 = __esi;
				_t31 = __ebx;
				_t14 = __eax;
				if( *((intOrPtr*)(_t39 - 0x40)) != __ebx || __edi < 0) {
					if(_t37 == 0) {
						goto L2;
					}
					_t32 =  *((intOrPtr*)(_t39 - 0x24));
					if( *((intOrPtr*)(_t39 - 0x24)) != 0) {
						_t27 =  *0x11784c4; // 0x0
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27 + 0xc0000, _t32);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t33 =  *((intOrPtr*)(_t37 + 0x1c));
					if( *((intOrPtr*)(_t37 + 0x1c)) != 0) {
						_t23 =  *0x11784c4; // 0x0
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t23 + 0xc0000, _t33);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t34 =  *((intOrPtr*)(_t37 + 0x20));
					if( *((intOrPtr*)(_t37 + 0x20)) != 0) {
						_t19 =  *0x11784c4; // 0x0
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t19 + 0xc0000, _t34);
						_t37 =  *((intOrPtr*)(_t39 - 0x20));
					}
					_t15 =  *0x11784c4; // 0x0
					_t18 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t15 + 0xc0000, _t37);
					 *((intOrPtr*)(_t39 - 0x20)) = _t31;
					return _t18;
				} else {
					L2:
					return _t14;
				}
			}












                                      0x010b3b5a
                                      0x010b3b5a
                                      0x010b3b5a
                                      0x010b3b5d
                                      0x010f61e6
                                      0x00000000
                                      0x00000000
                                      0x010f61ec
                                      0x010f61f1
                                      0x010f61f3
                                      0x010f6208
                                      0x010f620d
                                      0x010f620d
                                      0x010f6210
                                      0x010f6215
                                      0x010f6217
                                      0x010f622c
                                      0x010f6231
                                      0x010f6231
                                      0x010f6234
                                      0x010f6239
                                      0x010f623b
                                      0x010f6250
                                      0x010f6255
                                      0x010f6255
                                      0x010f6258
                                      0x010f626d
                                      0x010f6274
                                      0x00000000
                                      0x010b3b6b
                                      0x010b3b6b
                                      0x010b3b6b
                                      0x010b3b6b

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14805a77922e21c27977c52e40ad08303d46dd1237dfee448060468d2ac1eaec
                                      • Instruction ID: 5969eef9e1fc6e53d471daa9ba714522edfb55d10c79c3f95515bcb71db15518
                                      • Opcode Fuzzy Hash: 14805a77922e21c27977c52e40ad08303d46dd1237dfee448060468d2ac1eaec
                                      • Instruction Fuzzy Hash: B0111C36501555DFCB69DF88CA41FAEB7B9FB08600F5900ACE946A7752C72AFC00CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01112E14 Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E01112E14(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				signed char* _t27;
				void* _t33;
				intOrPtr _t35;
				void* _t42;
				intOrPtr _t44;
				void* _t45;
				intOrPtr _t47;
				signed int _t48;

				_v8 =  *0x117d360 ^ _t48;
				_v20 = __ecx;
				_v66 = 0xd22;
				_t41 = _a24;
				_v40 = _a20;
				_v16 = _a12;
				_v36 = _a24;
				_v32 = __edx;
				_v28 = _a4;
				_v24 = _a8;
				_v12 = _a16;
				_t26 = E010A7D50();
				_t44 = _t42;
				_t47 = _t45;
				_t35 = _t33;
				if(_t26 == 0) {
					_t27 = 0x7ffe038e;
				} else {
					_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
				}
				_push( &_v72);
				_push(0x20);
				_push(0x20402);
				_push( *_t27 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t35, _v8 ^ _t48, _t41, _t44, _t47);
			}


























                                      0x01112e23
                                      0x01112e2c
                                      0x01112e2f
                                      0x01112e38
                                      0x01112e3f
                                      0x01112e49
                                      0x01112e4f
                                      0x01112e52
                                      0x01112e55
                                      0x01112e58
                                      0x01112e5b
                                      0x01112e5e
                                      0x01112e63
                                      0x01112e64
                                      0x01112e65
                                      0x01112e68
                                      0x01112e7a
                                      0x01112e6a
                                      0x01112e73
                                      0x01112e73
                                      0x01112e85
                                      0x01112e86
                                      0x01112e88
                                      0x01112e8d
                                      0x01112ea0

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cc85927425025b0ffeefbc73c5acee409ffe193154215479aa1ec0c54785444b
                                      • Instruction ID: e23a0338a93610a2c99230366e2ea8d37f4ad3e6343054f582a299a8222d4d0e
                                      • Opcode Fuzzy Hash: cc85927425025b0ffeefbc73c5acee409ffe193154215479aa1ec0c54785444b
                                      • Instruction Fuzzy Hash: 31112AB1A0121D9FCB04DFA9D541AAEBBF8FF58340F10806AF904E7351D634AA01CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141A5F Relevance: .0, Instructions: 50COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 65%
                                      			E01141A5F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				void* _t23;
				signed char* _t24;
				intOrPtr _t30;
				void* _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t39;
				intOrPtr _t40;
				intOrPtr _t41;
				signed int _t42;

				_t35 = __edx;
				_t30 = __ebx;
				_v8 =  *0x117d360 ^ _t42;
				_t37 = __edx;
				_t40 = __ecx;
				E010CFA60( &_v60, 0, 0x34);
				_v28 = _t40;
				_v54 = 0x1035;
				_v20 = _a4;
				_v16 = _a8;
				_v24 = _t37;
				_v12 = _a12;
				_t23 = E010A7D50();
				_t38 = _t36;
				_t41 = _t39;
				if(_t23 == 0) {
					_t24 = 0x7ffe0380;
				} else {
					_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x14);
				_push(0x20402);
				_push( *_t24 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t30, _v8 ^ _t42, _t35, _t38, _t41);
			}























                                      0x01141a5f
                                      0x01141a5f
                                      0x01141a6e
                                      0x01141a78
                                      0x01141a7d
                                      0x01141a7f
                                      0x01141a89
                                      0x01141a8c
                                      0x01141a96
                                      0x01141a9c
                                      0x01141aa2
                                      0x01141aa5
                                      0x01141aa8
                                      0x01141aad
                                      0x01141aae
                                      0x01141ab1
                                      0x01141ac3
                                      0x01141ab3
                                      0x01141abc
                                      0x01141abc
                                      0x01141ace
                                      0x01141acf
                                      0x01141ad1
                                      0x01141ad6
                                      0x01141ae9

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9bd845a7d6dd0d12e2c84e8b93deb9a06a24dd1e7d14220a3ca8bd4bb3302120
                                      • Instruction ID: acec9b333cdc465732d06209cbaa9da666ef54629408654a6100dc03d86ef549
                                      • Opcode Fuzzy Hash: 9bd845a7d6dd0d12e2c84e8b93deb9a06a24dd1e7d14220a3ca8bd4bb3302120
                                      • Instruction Fuzzy Hash: 70116D71A01249ABDB14DFA9D845EAEBBF8EF44B10F54406AF914EB380D674AA40CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010831E0 Relevance: .0, Instructions: 49COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010831E0(intOrPtr _a4, intOrPtr _a8) {
				char* _t12;
				signed int* _t13;
				signed int _t26;
				intOrPtr _t28;

				_t28 = _a4;
				_t26 = 0;
				_t12 = E0108354C(_t28, 0);
				if(_t12 == 0) {
					L3:
					return _t12;
				}
				if(_a8 != 0) {
					_t13 = _t28 + 0xa8;
					_t26 =  *_t13;
					 *_t13 = 0;
				}
				_t12 = E010B9ED0(_t28 + 0x20,  ~_t26, 1);
				if(_t26 != 0) {
					if(E010A7D50() == 0) {
						_t12 = 0x7ffe0386;
					} else {
						_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					}
					if( *_t12 == 0) {
						goto L3;
					}
					return E01158966( *((intOrPtr*)(_t28 + 0x5c)), _t28 + 0x78, _t28 + 0x30,  *((intOrPtr*)(_t28 + 0x34)),  *((intOrPtr*)(_t28 + 0x3c)), _t26);
				} else {
					goto L3;
				}
			}







                                      0x010831e6
                                      0x010831ec
                                      0x010831f1
                                      0x010831f8
                                      0x0108321c
                                      0x0108321c
                                      0x0108321c
                                      0x010831fd
                                      0x010dfe1e
                                      0x010dfe24
                                      0x010dfe24
                                      0x010dfe24
                                      0x0108320c
                                      0x01083213
                                      0x010dfe32
                                      0x010dfe44
                                      0x010dfe34
                                      0x010dfe3d
                                      0x010dfe3d
                                      0x010dfe4c
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                      • Instruction ID: e6ef544bb69d2df2a6261e0b73756f5a813aa05b3168df8b06e7f989319b63bc
                                      • Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                      • Instruction Fuzzy Hash: 3201D8322007069FEB62E66AD940AAB77EDFFC1B14F048459AAD68B551DA30F801C750
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01154015 Relevance: .0, Instructions: 49COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E01154015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E010A2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E010A2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11786ac);
					E0108F900(0x11786d4, _t28);
					E0109FFB0(0x11786ac, _t28, 0x11786ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0109FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                      0x0115401a
                                      0x0115401e
                                      0x01154023
                                      0x01154028
                                      0x01154029
                                      0x0115402b
                                      0x0115402f
                                      0x01154043
                                      0x01154046
                                      0x01154051
                                      0x01154057
                                      0x0115405f
                                      0x01154062
                                      0x01154067
                                      0x0115406f
                                      0x0115407c
                                      0x0115407c
                                      0x0115408c
                                      0x0115408c
                                      0x01154097

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8de873545fa1c967e35b30ce006fa9bddbe9e88bf63e811706527c45f3e762d4
                                      • Instruction ID: c035dac0c1cd34e4ca997b9e0a42a0c7b7bba1eb81eed8b3ae863e714ada543f
                                      • Opcode Fuzzy Hash: 8de873545fa1c967e35b30ce006fa9bddbe9e88bf63e811706527c45f3e762d4
                                      • Instruction Fuzzy Hash: BC018F72201946BFD755ABBACD84E97BBACFF55660B000229F54883A11DB34EC51C7E4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141951 Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E01141951(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x117d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1030;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x01141951
                                      0x01141951
                                      0x01141960
                                      0x0114196a
                                      0x0114196f
                                      0x01141971
                                      0x0114197b
                                      0x0114197e
                                      0x01141988
                                      0x0114198e
                                      0x01141991
                                      0x0114199b
                                      0x011419ad
                                      0x0114199d
                                      0x011419a6
                                      0x011419a6
                                      0x011419b8
                                      0x011419b9
                                      0x011419bb
                                      0x011419c0
                                      0x011419d5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 825c465abb4c1c682e4cf296f433d472f16b0b8fbb950859a77ffdfb0f4785df
                                      • Instruction ID: 3e828f9e98e3fc3909c0e887e06f42d5ebdcb80b173d0bda2204c8becfc16761
                                      • Opcode Fuzzy Hash: 825c465abb4c1c682e4cf296f433d472f16b0b8fbb950859a77ffdfb0f4785df
                                      • Instruction Fuzzy Hash: A0019271A01209ABCB14DFA9D845EAFBBB8EF44710F00406AF940EB380D674AA40CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011419D8 Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E011419D8(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x117d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1032;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x011419d8
                                      0x011419d8
                                      0x011419e7
                                      0x011419f1
                                      0x011419f6
                                      0x011419f8
                                      0x01141a02
                                      0x01141a05
                                      0x01141a0f
                                      0x01141a15
                                      0x01141a18
                                      0x01141a22
                                      0x01141a34
                                      0x01141a24
                                      0x01141a2d
                                      0x01141a2d
                                      0x01141a3f
                                      0x01141a40
                                      0x01141a42
                                      0x01141a47
                                      0x01141a5c

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 762daa081990756b3e08b7e523147e172fc6fb9e21a04adf6163760796168fb1
                                      • Instruction ID: 11192cc8dcc5f30f7ac279f0c214703fcb06aa1dd6873b4144fd7f4ad1c55ddd
                                      • Opcode Fuzzy Hash: 762daa081990756b3e08b7e523147e172fc6fb9e21a04adf6163760796168fb1
                                      • Instruction Fuzzy Hash: C3015271A0125DABDB14DFA9D845EEEBBB8EF44710F50406AB940EB380D6749A41CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141843 Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E01141843(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x117d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x102f;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x01141843
                                      0x01141843
                                      0x01141852
                                      0x0114185c
                                      0x01141861
                                      0x01141863
                                      0x0114186d
                                      0x01141870
                                      0x0114187a
                                      0x01141880
                                      0x01141883
                                      0x0114188d
                                      0x0114189f
                                      0x0114188f
                                      0x01141898
                                      0x01141898
                                      0x011418aa
                                      0x011418ab
                                      0x011418ad
                                      0x011418b2
                                      0x011418c7

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c47284f571cb13928014d111461ee159251f659310049bce69112b11e5b32eaa
                                      • Instruction ID: 662e5eab5d4bef5f7df19f08357354540acf6f1761189997a8f8d09f4cffc525
                                      • Opcode Fuzzy Hash: c47284f571cb13928014d111461ee159251f659310049bce69112b11e5b32eaa
                                      • Instruction Fuzzy Hash: B1015271E01259ABDB14EFA9D845EEEBBB9EF44710F04406AF940EB380D6749A40CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011418CA Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E011418CA(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x117d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v60, 0, 0x30);
				_v28 = _t34;
				_v54 = 0x1031;
				_v20 = _a4;
				_v24 = _t33;
				_v16 = _a8;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0380;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x011418ca
                                      0x011418ca
                                      0x011418d9
                                      0x011418e3
                                      0x011418e8
                                      0x011418ea
                                      0x011418f4
                                      0x011418f7
                                      0x01141901
                                      0x01141907
                                      0x0114190a
                                      0x01141914
                                      0x01141926
                                      0x01141916
                                      0x0114191f
                                      0x0114191f
                                      0x01141931
                                      0x01141932
                                      0x01141934
                                      0x01141939
                                      0x0114194e

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac30eef6004188cf91cd6fb543880dc11c155c0669b9a8e5a6189390bb572494
                                      • Instruction ID: 2e37c9d707ebac5984862d5a4f48ebde8b6401ef81561474a3d2313b4082c3e7
                                      • Opcode Fuzzy Hash: ac30eef6004188cf91cd6fb543880dc11c155c0669b9a8e5a6189390bb572494
                                      • Instruction Fuzzy Hash: 14015275A01219ABDB14EFA9D845EEEBBB8EF44710F00406AF945EB380E6749A41CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114138A Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E0114138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x117d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x0114138a
                                      0x0114138a
                                      0x01141399
                                      0x011413a3
                                      0x011413a8
                                      0x011413aa
                                      0x011413b5
                                      0x011413bb
                                      0x011413c3
                                      0x011413c6
                                      0x011413c9
                                      0x011413d4
                                      0x011413e6
                                      0x011413d6
                                      0x011413df
                                      0x011413df
                                      0x011413f1
                                      0x011413f2
                                      0x011413f4
                                      0x011413f9
                                      0x0114140e

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3566fc580f8c00842e3b008bc941484a00afa1c62bc6f155422866855ce64aee
                                      • Instruction ID: 7ce8bdf6a4e5d15a0be98969cc4c479b118eda3cf75cbe0f0c675f64f21b6e4f
                                      • Opcode Fuzzy Hash: 3566fc580f8c00842e3b008bc941484a00afa1c62bc6f155422866855ce64aee
                                      • Instruction Fuzzy Hash: AB015271A04319AFDB14DFA9D841EAEBBB8EF44710F40406AB944EB380D6749A41CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011414FB Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E011414FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x117d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x011414fb
                                      0x011414fb
                                      0x0114150a
                                      0x01141514
                                      0x01141519
                                      0x0114151b
                                      0x01141526
                                      0x0114152c
                                      0x01141534
                                      0x01141537
                                      0x0114153a
                                      0x01141545
                                      0x01141557
                                      0x01141547
                                      0x01141550
                                      0x01141550
                                      0x01141562
                                      0x01141563
                                      0x01141565
                                      0x0114156a
                                      0x0114157f

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c706991cb19eca453ba9f4a6b5675d68bc05e2220da16c6709d9057afe7189a2
                                      • Instruction ID: faf5099cafb219f53f82b86226ba8b8b496ca88c817fc6c70158964ecca80fc9
                                      • Opcode Fuzzy Hash: c706991cb19eca453ba9f4a6b5675d68bc05e2220da16c6709d9057afe7189a2
                                      • Instruction Fuzzy Hash: 5D019271A00249AFCB14DFA9D841EEEBBB8EF45700F44406AF954EB380D674DA40CBD5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010858EC Relevance: .0, Instructions: 47COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 91%
                                      			E010858EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x117d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1065c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01085943() != 0 &&  *0x1175320 > 5) {
					E01107B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01107B5E( &_v28, _t28);
					_t11 = E01107B9C(0x1175320, 0x106bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E010CB640(_t11, _t17, _v8 ^ _t29, 0x106bf15, _t27, _t28);
			}















                                      0x010858fb
                                      0x010858fe
                                      0x01085906
                                      0x0108590a
                                      0x0108593c
                                      0x0108593c
                                      0x0108590c
                                      0x0108590c
                                      0x01085911
                                      0x00000000
                                      0x01085913
                                      0x01085913
                                      0x01085913
                                      0x01085911
                                      0x0108591d
                                      0x010e1035
                                      0x010e103c
                                      0x010e103f
                                      0x010e1056
                                      0x010e1056
                                      0x0108593b

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ebc9185baf25b016d75ab21af5bab63448fbb8b583caebf6f1304e0aa16cf90
                                      • Instruction ID: 0b826a155718c7a8ff9e21dbd3bda81fc4352e2203c2eb7254f41e4372f24708
                                      • Opcode Fuzzy Hash: 6ebc9185baf25b016d75ab21af5bab63448fbb8b583caebf6f1304e0aa16cf90
                                      • Instruction Fuzzy Hash: A501D431A085099BC718EB29DC009AE7BBCEF41260F4400A9DAD5AB384DE70ED01C690
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010895F0 Relevance: .0, Instructions: 47COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E010895F0(intOrPtr _a4, char _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t10;
				void* _t17;
				void* _t18;
				char* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				intOrPtr _t29;

				_t29 = _a4;
				_push(_t25);
				if(_t29 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E011588F5(_t17, _t18, _t23, _t25, _t29, __eflags);
					_t10 = 0xc000000d;
				} else {
					_push(4);
					_push( &_a8);
					_push(4);
					_push( *((intOrPtr*)(_t29 + 0x24)));
					_t27 = E010CAE70();
					if(E010A7D50() != 0) {
						_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t21 = 0x7ffe0386;
					}
					if( *_t21 != 0) {
						__eflags = _t27;
						if(_t27 >= 0) {
							E01158C75(_t29, _a8);
						}
					}
					_t10 = _t27;
				}
				return _t10;
			}














                                      0x010895f9
                                      0x010895fc
                                      0x010895ff
                                      0x0108964d
                                      0x01089652
                                      0x01089616
                                      0x01089616
                                      0x0108961b
                                      0x0108961c
                                      0x0108961e
                                      0x01089626
                                      0x0108962f
                                      0x010e3a8b
                                      0x01089635
                                      0x01089635
                                      0x01089635
                                      0x0108963d
                                      0x010e3a96
                                      0x010e3a98
                                      0x010e3aa3
                                      0x010e3aa3
                                      0x010e3a98
                                      0x01089643
                                      0x01089643
                                      0x0108964a

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
                                      • Instruction ID: 1c1c0e733bb57d8b572266b563002ee6fa4da8ed948743c067fd2ac1308b3f26
                                      • Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
                                      • Instruction Fuzzy Hash: 10012432A08145DBD711BA99C804F7937A5ABC8A2CF144199EED58B290DB34E950CB88
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158966 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 55%
                                      			E01158966(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t21;
				signed int _t35;

				_t32 = __edx;
				_v8 =  *0x117d360 ^ _t35;
				_t34 = _a8;
				_t33 = _a12;
				_v28 = _a4;
				_v62 = 0x1c24;
				_v36 = __ecx;
				_v32 = __edx;
				_v24 = _a8;
				_v20 = _a12;
				_v16 = _a16;
				if(E010A7D50() == 0) {
					_t21 = 0x7ffe0386;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x18);
				_push(0x403);
				_push( *_t21 & 0x000000ff);
				return E010CB640(E010C9AE0(), 0x1c24, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x01158966
                                      0x01158975
                                      0x0115897d
                                      0x01158986
                                      0x01158989
                                      0x0115898f
                                      0x01158993
                                      0x01158996
                                      0x01158999
                                      0x0115899c
                                      0x0115899f
                                      0x011589a9
                                      0x011589bb
                                      0x011589ab
                                      0x011589b4
                                      0x011589b4
                                      0x011589c6
                                      0x011589c7
                                      0x011589c9
                                      0x011589ce
                                      0x011589e4

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cc9cb0887838e5fdce938d881f61a32e05cf68deef12f4a1f6af39a42f32b763
                                      • Instruction ID: c152e11728ad352707c027443ea8774096a6031af2655d54c2935972497036bd
                                      • Opcode Fuzzy Hash: cc9cb0887838e5fdce938d881f61a32e05cf68deef12f4a1f6af39a42f32b763
                                      • Instruction Fuzzy Hash: 5E010CB1A0021DEBDB04DFA9D9419EEB7F8FF58700F10446AE955E7340E7749A00CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109B02A Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0109B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E010A7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01107016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                      0x0109b037
                                      0x0109b039
                                      0x0109b03b
                                      0x0109b040
                                      0x010ea60e
                                      0x00000000
                                      0x00000000
                                      0x010ea61d
                                      0x0109b04b
                                      0x0109b04e
                                      0x010ea627
                                      0x010ea634
                                      0x00000000
                                      0x00000000
                                      0x010ea641
                                      0x010ea653
                                      0x010ea643
                                      0x010ea64c
                                      0x010ea64c
                                      0x010ea65b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010ea66c
                                      0x0109b057
                                      0x0109b057
                                      0x0109b057
                                      0x0109b046
                                      0x0109b046
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction ID: 18f371f387e7fafaf1f522f8e36e308b2f7cddfa227091082add6b662f823cad
                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction Fuzzy Hash: EA01D432304580DFE722C71ED898F667BD8EB8A750F0900E1FA55CB6A1D768DC40CA20
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01151074 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E01151074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0115165E(__ebx, 0x1178ae4, (__edx -  *0x1178b04 >> 0x14) + (__edx -  *0x1178b04 >> 0x14), __edi, __ecx, (__edx -  *0x1178b04 >> 0x14) + (__edx -  *0x1178b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0114AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E010A7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0113FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                      0x01151074
                                      0x01151080
                                      0x01151082
                                      0x0115108a
                                      0x0115108f
                                      0x01151093
                                      0x011510ab
                                      0x011510ab
                                      0x011510c3
                                      0x011510cf
                                      0x011510e1
                                      0x011510d1
                                      0x011510da
                                      0x011510da
                                      0x011510e9
                                      0x011510f5
                                      0x011510f5
                                      0x011510fe

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1bf07eff800ded8d06ab740db893775e38da692853c2b9ebd904d84fe8b613ad
                                      • Instruction ID: da732c2d93c2a7e40f84917435b5ec6a92c7ca4006a327c731700f6d456f27c0
                                      • Opcode Fuzzy Hash: 1bf07eff800ded8d06ab740db893775e38da692853c2b9ebd904d84fe8b613ad
                                      • Instruction Fuzzy Hash: 8C012872604742EFC759EF68C904B1A7BE5AB84214F04C629FDA683290DF30D441CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114129A Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E0114129A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x117d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x1039;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E010A7D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}





















                                      0x0114129a
                                      0x0114129a
                                      0x011412a9
                                      0x011412b3
                                      0x011412b8
                                      0x011412ba
                                      0x011412c4
                                      0x011412ca
                                      0x011412d1
                                      0x011412d4
                                      0x011412d7
                                      0x011412dc
                                      0x011412dd
                                      0x011412e0
                                      0x011412f2
                                      0x011412e2
                                      0x011412eb
                                      0x011412eb
                                      0x011412fd
                                      0x011412fe
                                      0x01141300
                                      0x01141305
                                      0x01141318

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9b7ae6a1d96f15fd2ecf551fed4c3d4f624b2633273e5fedf8acfd922c0e7aaf
                                      • Instruction ID: f13134120908b2ae07e6e58853f5fa345ec172bb53b766711fa98ad099904aec
                                      • Opcode Fuzzy Hash: 9b7ae6a1d96f15fd2ecf551fed4c3d4f624b2633273e5fedf8acfd922c0e7aaf
                                      • Instruction Fuzzy Hash: 730184B1A00259ABDB14EFA9D805EAFBBB8EF54B00F04406AF945EB380D674D900CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141751 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E01141751(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				void* __esi;
				void* _t17;
				signed char* _t18;
				intOrPtr _t24;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int _t36;

				_t29 = __edx;
				_t24 = __ebx;
				_v8 =  *0x117d360 ^ _t36;
				_t31 = __edx;
				_t34 = __ecx;
				E010CFA60( &_v52, 0, 0x2c);
				_v20 = _t34;
				_v46 = 0x103a;
				_v16 = _t31;
				_v12 = _a4;
				_t17 = E010A7D50();
				_t32 = _t30;
				_t35 = _t33;
				if(_t17 == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t24, _v8 ^ _t36, _t29, _t32, _t35);
			}





















                                      0x01141751
                                      0x01141751
                                      0x01141760
                                      0x0114176a
                                      0x0114176f
                                      0x01141771
                                      0x0114177b
                                      0x01141781
                                      0x01141788
                                      0x0114178b
                                      0x0114178e
                                      0x01141793
                                      0x01141794
                                      0x01141797
                                      0x011417a9
                                      0x01141799
                                      0x011417a2
                                      0x011417a2
                                      0x011417b4
                                      0x011417b5
                                      0x011417b7
                                      0x011417bc
                                      0x011417cf

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 21102e0f1222bdb4db8ddb4c9f6b87233ec4212194a0b566f3d29b7e208b07b9
                                      • Instruction ID: 5fcfbb2771c111cbaad28fd5fc720dd500428aa400a6fee9588f67f8145576f1
                                      • Opcode Fuzzy Hash: 21102e0f1222bdb4db8ddb4c9f6b87233ec4212194a0b566f3d29b7e208b07b9
                                      • Instruction Fuzzy Hash: 1A018871A00219EBDB14DBE9D805FAFB7B8EF54B40F04406AF945EB380D6749900CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158A62 Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E01158A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x117d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E010A7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010CB640(E010C9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x01158a62
                                      0x01158a71
                                      0x01158a79
                                      0x01158a82
                                      0x01158a85
                                      0x01158a89
                                      0x01158a8c
                                      0x01158a8f
                                      0x01158a92
                                      0x01158a95
                                      0x01158a9f
                                      0x01158ab1
                                      0x01158aa1
                                      0x01158aaa
                                      0x01158aaa
                                      0x01158abc
                                      0x01158abd
                                      0x01158abf
                                      0x01158ac4
                                      0x01158ada

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ef547fcd381604f022fba1e41926b03551b164be64d17710de371f5f3426a07f
                                      • Instruction ID: 1423990fb8c3536a7c77aef1c43768f03dad2d6459d487d88d64ea96fad7baa4
                                      • Opcode Fuzzy Hash: ef547fcd381604f022fba1e41926b03551b164be64d17710de371f5f3426a07f
                                      • Instruction Fuzzy Hash: 81012CB1A0021DAFCB04DFA9D9419EEBBB8EF58710F10405AF914F7341D734A900CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108DB60 Relevance: .0, Instructions: 43COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0108DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0108DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0108E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0108E8B0(__ecx, _t14, 0xfff);
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                      0x0108db64
                                      0x0108db66
                                      0x0108db6b
                                      0x0108dbaa
                                      0x0108db71
                                      0x0108db76
                                      0x0108db7a
                                      0x0108dba3
                                      0x0108db7c
                                      0x0108db87
                                      0x0108db8b
                                      0x010e4fa1
                                      0x010e4fb3
                                      0x010e4fb8
                                      0x0108db91
                                      0x0108db96
                                      0x0108db98
                                      0x0108db98
                                      0x0108db8b
                                      0x0108db7a
                                      0x0108db9d
                                      0x0108dba2

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction ID: 886f33e06ce3b3b236c550ef0da4803701288eb37a5167d4c367da6cdf60c4db
                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction Fuzzy Hash: 3BF0C833209533DBD3327AD98894F6FBA959FD2A60F150135F3C59B284CA608C0287D0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108B1E1 Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0108B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E010A7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E010A7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01107016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                      0x0108b1e8
                                      0x0108b1ea
                                      0x0108b1f3
                                      0x010e4a17
                                      0x0108b1f9
                                      0x0108b1f9
                                      0x0108b1f9
                                      0x0108b201
                                      0x010e4a21
                                      0x010e4a2e
                                      0x00000000
                                      0x00000000
                                      0x010e4a3b
                                      0x010e4a4d
                                      0x010e4a3d
                                      0x010e4a46
                                      0x010e4a46
                                      0x010e4a55
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0108b20a
                                      0x0108b20a
                                      0x0108b20a
                                      0x0108b20a

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction ID: 1058b98f54dea9c15c8a93fce88eff675bc038d0d7e248e6a1ce13bf54e50f29
                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction Fuzzy Hash: 1A01A432204A809FD722A75EC808F697FD9EF51764F0D40A1FAD4CB6B2DA79D801C355
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01159BBE Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 52%
                                      			E01159BBE(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v66;
				char _v72;
				void* __edi;
				void* __esi;
				signed char* _t19;
				intOrPtr _t25;
				signed int _t33;

				_t30 = __edx;
				_v12 =  *0x117d360 ^ _t33;
				_v40 = _v40 & 0x00000000;
				_t32 = _a12;
				_v36 = __edx;
				_v66 = 0x1c21;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E010A7D50() == 0) {
					_t19 = 0x7ffe0386;
				} else {
					_t19 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x403);
				_push( *_t19 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t25, _v12 ^ _t33, _t30, 0x1c21, _t32);
			}
















                                      0x01159bbe
                                      0x01159bcd
                                      0x01159bd6
                                      0x01159bdb
                                      0x01159be4
                                      0x01159be7
                                      0x01159beb
                                      0x01159bee
                                      0x01159bf1
                                      0x01159bfb
                                      0x01159c0d
                                      0x01159bfd
                                      0x01159c06
                                      0x01159c06
                                      0x01159c18
                                      0x01159c19
                                      0x01159c1b
                                      0x01159c20
                                      0x01159c35

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d12029cbe44261b471b7cab0aa7c134cec9c3c8967fc5ad20f9c50d69d4fa25
                                      • Instruction ID: 710f58aa8accb9f4bb8ad6dea911347ff0424cd9281aad2803667a67964113be
                                      • Opcode Fuzzy Hash: 8d12029cbe44261b471b7cab0aa7c134cec9c3c8967fc5ad20f9c50d69d4fa25
                                      • Instruction Fuzzy Hash: 39012C71A0061DDBDB04DFA9D841AEEBBB8AF58710F14405AE955AB380D734AA01CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141229 Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E01141229(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				void* __edi;
				void* __esi;
				signed char* _t16;
				intOrPtr _t22;
				signed int _t24;
				intOrPtr _t29;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				signed int _t33;

				_t29 = __edx;
				_v8 =  *0x117d360 ^ _t33;
				_t32 = __ecx;
				_t30 =  &_v48;
				_t24 = 0xa;
				memset(_t30, 0, _t24 << 2);
				_t31 = _t30 + _t24;
				_v16 = _t32;
				_v42 = 0x1036;
				_v12 = _t29;
				if(E010A7D50() == 0) {
					_t16 = 0x7ffe0380;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t16 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t22, _v8 ^ _t33, _t29, _t31, _t32);
			}


















                                      0x01141229
                                      0x01141238
                                      0x0114123d
                                      0x0114123f
                                      0x01141246
                                      0x01141247
                                      0x01141247
                                      0x0114124e
                                      0x01141251
                                      0x01141255
                                      0x0114125f
                                      0x01141271
                                      0x01141261
                                      0x0114126a
                                      0x0114126a
                                      0x0114127c
                                      0x0114127d
                                      0x0114127f
                                      0x01141284
                                      0x01141299

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cfea879f9d22df1bd4291534c63e34e9d88ec418c3f293b7d5c83591282b5717
                                      • Instruction ID: d84f464f9dd292fb0c93a7e4f30bccf6031bed4217e59818d9df571705a24970
                                      • Opcode Fuzzy Hash: cfea879f9d22df1bd4291534c63e34e9d88ec418c3f293b7d5c83591282b5717
                                      • Instruction Fuzzy Hash: E501A972A00218ABDB14DBF9D4059EFB7B8EF54710F00805AE551FB290DA7599008B91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01081480 Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E01081480(intOrPtr* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t12;
				intOrPtr* _t18;
				intOrPtr _t23;
				intOrPtr* _t25;

				_v8 = __ecx;
				_t23 = __edx;
				_t12 = E0108187D(__edx, __ecx + 0xe, __ecx,  &_v12, 0,  &_v16,  &_v8);
				if(_t12 >= 0) {
					_t25 = _v8;
					if(_t25 != 0) {
						_t18 = _v12;
						if(_t18 != 0) {
							 *_t18 =  *_t25;
						}
						E010814DE(_t23, _t25);
						_t12 = L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t25);
					}
					return _t12;
				}
				return _t12;
			}










                                      0x0108148c
                                      0x01081493
                                      0x010814a2
                                      0x010814a9
                                      0x010814ac
                                      0x010814b1
                                      0x010814b3
                                      0x010814b8
                                      0x010814bc
                                      0x010814bc
                                      0x010814c2
                                      0x010814d3
                                      0x010814d3
                                      0x00000000
                                      0x010814d8
                                      0x010814dd

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                      • Instruction ID: 20021944feb650cf9cb78e4375905e633163e28bef34460c64543e3909b2e0d4
                                      • Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                      • Instruction Fuzzy Hash: 8CF08135B01108AFDB15EA49D840EFEBBADDF84610F1401A9A985E7640DA31AE02C790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011417D2 Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E011417D2(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				void* __edi;
				void* __esi;
				signed char* _t16;
				intOrPtr _t22;
				signed int _t24;
				intOrPtr _t29;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				signed int _t33;

				_t29 = __edx;
				_v8 =  *0x117d360 ^ _t33;
				_t32 = __ecx;
				_t30 =  &_v48;
				_t24 = 0xa;
				memset(_t30, 0, _t24 << 2);
				_t31 = _t30 + _t24;
				_v16 = _t32;
				_v42 = 0x1038;
				_v12 = _t29;
				if(E010A7D50() == 0) {
					_t16 = 0x7ffe0380;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t16 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t22, _v8 ^ _t33, _t29, _t31, _t32);
			}


















                                      0x011417d2
                                      0x011417e1
                                      0x011417e6
                                      0x011417e8
                                      0x011417ef
                                      0x011417f0
                                      0x011417f0
                                      0x011417f7
                                      0x011417fa
                                      0x011417fe
                                      0x01141808
                                      0x0114181a
                                      0x0114180a
                                      0x01141813
                                      0x01141813
                                      0x01141825
                                      0x01141826
                                      0x01141828
                                      0x0114182d
                                      0x01141842

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1d501abad797e1350af314b6d8a8145bca546dfa938f226d7dfedae238ed85b6
                                      • Instruction ID: a76bad17fa26ce2a3b1e25548623557820baa01a377fe97ed02b9d547470c7d0
                                      • Opcode Fuzzy Hash: 1d501abad797e1350af314b6d8a8145bca546dfa938f226d7dfedae238ed85b6
                                      • Instruction Fuzzy Hash: 4801A472E00258ABDB04EFB9D8059EEB7B8EF44710F0080AAF551EB280DA74A9058B91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B5AA0 Relevance: .0, Instructions: 41COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E010B5AA0(void* __ecx, intOrPtr _a4, char _a8) {
				void* __esi;
				void* __ebp;
				char* _t9;
				void* _t17;
				void* _t20;
				void* _t22;
				intOrPtr _t24;

				_t18 = __ecx;
				_push(__ecx);
				_t24 = _a4;
				if(_t24 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					_t9 = E011588F5(_t17, _t18, _t20, _t22, _t24, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(5);
					_push( *((intOrPtr*)(_t24 + 0x24)));
					E010CAE70();
					if(E010A7D50() != 0) {
						_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t9 = 0x7ffe0386;
					}
					if( *_t9 != 0) {
						_t9 = E01158C14(_t24, _a8);
					}
				}
				return _t9;
			}










                                      0x010b5aa0
                                      0x010b5aa8
                                      0x010b5aaa
                                      0x010b5aaf
                                      0x010b5af8
                                      0x010b5ac6
                                      0x010b5ac6
                                      0x010b5acb
                                      0x010b5acc
                                      0x010b5ace
                                      0x010b5ad1
                                      0x010b5add
                                      0x010f71de
                                      0x010b5ae3
                                      0x010b5ae3
                                      0x010b5ae3
                                      0x010b5aeb
                                      0x010f71ed
                                      0x010f71ed
                                      0x010b5aeb
                                      0x010b5af5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                      • Instruction ID: 6ca000d1d8bd2719ef549717b385638cf98dc2e769e8bc74618422902d6d25b0
                                      • Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                      • Instruction Fuzzy Hash: F301D13164074AEFD7619B18CCC5FAA77A8AB00720F0081D5FDA4EB291D7B4E9408B92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01083591 Relevance: .0, Instructions: 41COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 70%
                                      			E01083591(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t19;
				void* _t25;
				intOrPtr _t26;

				_t22 = __edx;
				_t20 = __ecx;
				if(__ecx == 0 || __edx == 0) {
					L7:
					E011588F5(_t19, _t20, _t22, _t25, _t26, __eflags);
					return 0xc000000d;
				}
				_t26 = _a4;
				if(_t26 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L7;
				}
				_push(0x1e);
				_v12 =  *((intOrPtr*)(_t26 + 0x28));
				_push(8);
				_push( &_v12);
				_v8 = __edx;
				_push( &_v20);
				_push(__ecx);
				_t16 = E010C9770();
				if(_t16 >= 0) {
					E010AF0AE(_t26, 1);
					return 0;
				}
				return _t16;
			}












                                      0x01083591
                                      0x01083591
                                      0x0108359c
                                      0x010835ea
                                      0x010835ea
                                      0x00000000
                                      0x010835ef
                                      0x010835a2
                                      0x010835a7
                                      0x00000000
                                      0x00000000
                                      0x010835bb
                                      0x010835bd
                                      0x010835c3
                                      0x010835c5
                                      0x010835c9
                                      0x010835cc
                                      0x010835cd
                                      0x010835ce
                                      0x010835d5
                                      0x010835dc
                                      0x00000000
                                      0x010835e1
                                      0x010835e7

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                      • Instruction ID: c95af4fe170f196a5449c769d01c5fc7e774cb37a392ca0b5e98f2c4888a8605
                                      • Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                      • Instruction Fuzzy Hash: A7F0FC71A053059BEB55FB698450FAEBBE8FFD4B10F048195EEC1DB100DA31DA4087A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0113FDD3 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 56%
                                      			E0113FDD3(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				void* __edi;
				signed char* _t15;
				intOrPtr _t21;
				signed int _t23;
				intOrPtr _t28;
				void* _t29;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_v8 =  *0x117d360 ^ _t32;
				_t28 = __ecx;
				_t29 =  &_v52;
				_t23 = 0xa;
				memset(_t29, 0, _t23 << 2);
				_t30 = _t29 + _t23;
				_v20 = _t28;
				_v46 = 0x268;
				if(E010A7D50() == 0) {
					_t15 = 0x7ffe0388;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t21, _v8 ^ _t32, _t28, _t30, _t31);
			}
















                                      0x0113fde2
                                      0x0113fde6
                                      0x0113fde8
                                      0x0113fdef
                                      0x0113fdf0
                                      0x0113fdf0
                                      0x0113fdf7
                                      0x0113fdfa
                                      0x0113fe05
                                      0x0113fe17
                                      0x0113fe07
                                      0x0113fe10
                                      0x0113fe10
                                      0x0113fe22
                                      0x0113fe23
                                      0x0113fe25
                                      0x0113fe2a
                                      0x0113fe3e

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 65717df85870bee5c664848eb22a6b7d204dc265d5f2daa15585bd52c42dd611
                                      • Instruction ID: 315f6cd6f18c455317e856bc4aaa32a341ed37a7cfc8bf4ab9de3f98f76352dc
                                      • Opcode Fuzzy Hash: 65717df85870bee5c664848eb22a6b7d204dc265d5f2daa15585bd52c42dd611
                                      • Instruction Fuzzy Hash: 56F0C871B04259ABDB04EBA9D805EBEB3B4EF44B00F414069F501EB690EA31D911C751
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01081BE9 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 68%
                                      			E01081BE9(void* __ecx, signed int** __edx, void* __eflags) {
				char _v8;
				signed int* _t9;
				signed int* _t12;
				void* _t14;
				signed int* _t15;
				signed int** _t22;

				_push(__ecx);
				_v8 = 0x10;
				_push( &_v8);
				_t22 = __edx;
				_t14 = 0x10;
				if(E01081C45(_t14, __ecx) < 0) {
					L4:
					_t9 = 0;
				} else {
					_t15 = E010A4620(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					if(_t15 == 0) {
						goto L4;
					} else {
						 *_t15 =  *_t15 & 0x00000000;
						_t5 =  &(_t15[2]); // 0x8
						_t12 = _t5;
						 *_t12 = 1;
						_t15[2] = 0;
						 *_t22 = _t12;
						_t9 = _t15;
					}
				}
				return _t9;
			}









                                      0x01081bee
                                      0x01081bf3
                                      0x01081bfa
                                      0x01081bfb
                                      0x01081c01
                                      0x01081c09
                                      0x01081c41
                                      0x01081c41
                                      0x01081c0b
                                      0x01081c1e
                                      0x01081c22
                                      0x00000000
                                      0x01081c24
                                      0x01081c24
                                      0x01081c27
                                      0x01081c27
                                      0x01081c2d
                                      0x01081c32
                                      0x01081c36
                                      0x01081c38
                                      0x01081c38
                                      0x01081c22
                                      0x01081c3e

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                      • Instruction ID: 73c3f241653bc7f87093f58adae641e03b94afc6df776327c80b661076c6065c
                                      • Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                      • Instruction Fuzzy Hash: 50F09671618209AFD718DB29CC01B96B7EDEF98310F14807995C5C7250FAB2ED12D754
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0114131B Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 48%
                                      			E0114131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x117d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E010A7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                      0x0114131b
                                      0x0114132a
                                      0x01141330
                                      0x01141336
                                      0x0114133e
                                      0x01141341
                                      0x01141344
                                      0x0114134f
                                      0x01141361
                                      0x01141351
                                      0x0114135a
                                      0x0114135a
                                      0x0114136c
                                      0x0114136d
                                      0x0114136f
                                      0x01141374
                                      0x01141387

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16a539b2c26f3badf3016dafbfa74e9546e0bbb82e9a1bb1077ad1cdf20c5d90
                                      • Instruction ID: 8150f34515832f80d9e51a0a5be774dbcdaf8682e756652c055d403a18103797
                                      • Opcode Fuzzy Hash: 16a539b2c26f3badf3016dafbfa74e9546e0bbb82e9a1bb1077ad1cdf20c5d90
                                      • Instruction Fuzzy Hash: D3013C71A0520DAFCB14EFA9D545AAEB7F4FF18700F408069B945EB381E634AA40CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B6B90 Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 90%
                                      			E010B6B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                                      0x010b6b96
                                      0x010b6b99
                                      0x010b6b9d
                                      0x010b6be9
                                      0x010b6beb
                                      0x010b6beb
                                      0x010b6bb3
                                      0x010b6bb3
                                      0x010b6bb5
                                      0x010b6bba
                                      0x010b6bc1
                                      0x010b6bc3
                                      0x010b6bc5
                                      0x010b6be0
                                      0x010b6be0
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010b6bc7
                                      0x010b6bc7
                                      0x010b6bd0
                                      0x010b6bd5
                                      0x010b6bd6
                                      0x010b6bd9
                                      0x00000000
                                      0x010b6bc7
                                      0x010b6ba5
                                      0x010b6bac
                                      0x00000000
                                      0x00000000
                                      0x010b6bae
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                      • Instruction ID: 92e0689cf5685f51008b7f1d6bb67bd3dfe2b85a8033ac677511a46682652961
                                      • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                      • Instruction Fuzzy Hash: 2BF04976A01208DFDB58CE48C690EECBBB1EB44310F2844B8E5469B700D63A9E80DB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158F6A Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 48%
                                      			E01158F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x117d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E010A7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                      0x01158f6a
                                      0x01158f79
                                      0x01158f81
                                      0x01158f84
                                      0x01158f8b
                                      0x01158f91
                                      0x01158f94
                                      0x01158f9e
                                      0x01158fb0
                                      0x01158fa0
                                      0x01158fa9
                                      0x01158fa9
                                      0x01158fbb
                                      0x01158fbc
                                      0x01158fbe
                                      0x01158fc3
                                      0x01158fd6

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a05d13fab81fa8548f11bb597da0e07de5f4d7babc844d59b967c5f61de0b643
                                      • Instruction ID: 9a7866a0ddb33a741841f30b68d4951029dbecfe947084f5f4e4a952685d32d2
                                      • Opcode Fuzzy Hash: a05d13fab81fa8548f11bb597da0e07de5f4d7babc844d59b967c5f61de0b643
                                      • Instruction Fuzzy Hash: 26014F74A0020DEFDB04EFA9D545AAEB7F4EF18700F50806AB955EB380EB34DA00CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AC577 Relevance: .0, Instructions: 33COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010AC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E010AC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10611cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E011588F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                      0x010ac577
                                      0x010ac57d
                                      0x010ac581
                                      0x010ac5b5
                                      0x010ac5b9
                                      0x010ac5ce
                                      0x010ac5ce
                                      0x010ac5ca
                                      0x00000000
                                      0x010ac5ca
                                      0x010ac5c4
                                      0x010ac5c8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010ac5ad
                                      0x00000000
                                      0x010ac5af

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 664cc3f53824ee57965f8a25e8096e6132131a3b3985e9118dbdfdc538b19e7e
                                      • Instruction ID: 8fd0f7f7008fc8269f55a3d69518d74656fc368e2dbbcb7ce0b7f759a8a2ddf0
                                      • Opcode Fuzzy Hash: 664cc3f53824ee57965f8a25e8096e6132131a3b3985e9118dbdfdc538b19e7e
                                      • Instruction Fuzzy Hash: 85F090B29157909FFBB6C7BCC244B217FD89B05670FC684A6F5D687102D6A4DCC0C250
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01142073 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E01142073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0113FD22(__ecx);
				_t19 =  *0x117849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1178748; // 0x0
					if(__eflags <= 0) {
						E01141C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1178724 & 0x00000004;
							if(( *0x1178724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1178724; // 0x0
					return E01138DF1(__ebx, 0xc0000374, 0x1175890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                      0x01142076
                                      0x01142078
                                      0x0114207d
                                      0x01142083
                                      0x011420a4
                                      0x011420aa
                                      0x011420ac
                                      0x011420b7
                                      0x011420ba
                                      0x011420bc
                                      0x011420c9
                                      0x011420c9
                                      0x011420d0
                                      0x011420d2
                                      0x00000000
                                      0x011420d2
                                      0x011420be
                                      0x011420c3
                                      0x011420c5
                                      0x011420c7
                                      0x00000000
                                      0x00000000
                                      0x011420c7
                                      0x011420bc
                                      0x011420d4
                                      0x01142085
                                      0x01142085
                                      0x011420a3
                                      0x011420a3

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f096d2dd327744424aa3b5b886f428e5504dbe9ffc3606289ef492e3c617178
                                      • Instruction ID: 92057b66745c9e1c178e732a963b2b3d1ccaf72dba53fff1a5b68854632c18b4
                                      • Opcode Fuzzy Hash: 0f096d2dd327744424aa3b5b886f428e5504dbe9ffc3606289ef492e3c617178
                                      • Instruction Fuzzy Hash: EAF0A06A8255854BDF3E6B2D75093E9AFF2D795924B090495E4A127309C73888D3CB24
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C927A Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E010C927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = E010A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E010CFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E010C92C6(_t11, _t14);
				}
				return _t11;
			}





                                      0x010c9295
                                      0x010c9299
                                      0x010c929f
                                      0x010c92aa
                                      0x010c92ad
                                      0x010c92ae
                                      0x010c92af
                                      0x010c92b0
                                      0x010c92b4
                                      0x010c92bb
                                      0x010c92bb
                                      0x010c92c5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction ID: 56e9424b5a7263adee4683d5dafdd60089affab5e98b988cc81caeb5e650760a
                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction Fuzzy Hash: 56E02B723405016BE7119F4ACC80F8B779EDF92B24F04407CB5405E242C6E5DC088BA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158D34 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 43%
                                      			E01158D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x117d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E010A7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                      0x01158d34
                                      0x01158d43
                                      0x01158d4b
                                      0x01158d4e
                                      0x01158d52
                                      0x01158d5c
                                      0x01158d6e
                                      0x01158d5e
                                      0x01158d67
                                      0x01158d67
                                      0x01158d79
                                      0x01158d7a
                                      0x01158d7c
                                      0x01158d81
                                      0x01158d94

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b20b4db874de799b7e3a05a82212f3d8caba14ec94840be4932ad7323fdb2d94
                                      • Instruction ID: efe44bab0d74548b151b53b8345193301ade04371299efa9448b1e3e39934986
                                      • Opcode Fuzzy Hash: b20b4db874de799b7e3a05a82212f3d8caba14ec94840be4932ad7323fdb2d94
                                      • Instruction Fuzzy Hash: 2AF0B470A0460CDFDB18EFB9D441BAE77B4EF18700F508099E955EB380DA34D900CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158C14 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 43%
                                      			E01158C14(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x117d360 ^ _t26;
				_v20 = __ecx;
				_v46 = 0x1c28;
				_v16 = __edx;
				if(E010A7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                      0x01158c14
                                      0x01158c23
                                      0x01158c2b
                                      0x01158c2e
                                      0x01158c32
                                      0x01158c3c
                                      0x01158c4e
                                      0x01158c3e
                                      0x01158c47
                                      0x01158c47
                                      0x01158c59
                                      0x01158c5a
                                      0x01158c5c
                                      0x01158c61
                                      0x01158c74

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8078440378a020c502089122039a21ead293c246fcb265b8e31c6e0cce1c186c
                                      • Instruction ID: d6ea0881dbd147909b816c04120149817bb3da6f293f62ea9a57b0276a020198
                                      • Opcode Fuzzy Hash: 8078440378a020c502089122039a21ead293c246fcb265b8e31c6e0cce1c186c
                                      • Instruction Fuzzy Hash: 07F0B470A04209DFDB18EFB9E901EAE77B4FF14700F404459A955EB380EA34D900CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158C75 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 43%
                                      			E01158C75(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x117d360 ^ _t26;
				_v20 = __ecx;
				_v46 = 0x1c27;
				_v16 = __edx;
				if(E010A7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                      0x01158c75
                                      0x01158c84
                                      0x01158c8c
                                      0x01158c8f
                                      0x01158c93
                                      0x01158c9d
                                      0x01158caf
                                      0x01158c9f
                                      0x01158ca8
                                      0x01158ca8
                                      0x01158cba
                                      0x01158cbb
                                      0x01158cbd
                                      0x01158cc2
                                      0x01158cd5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5d61b5b2e6c4b79dc59a32735f36a092a1a8aa2f40ffc35db271f59e395c6452
                                      • Instruction ID: c8c5f7de024833944271daa1aa3c382fc7d54a0bea5312a9e316487e51a7f03b
                                      • Opcode Fuzzy Hash: 5d61b5b2e6c4b79dc59a32735f36a092a1a8aa2f40ffc35db271f59e395c6452
                                      • Instruction Fuzzy Hash: ACF0B470A14249DFDB08EFB9D901EAEB7B4EF14700F404099A955EB380EB34D900CB80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158B58 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E01158B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x117d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E010A7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x01158b67
                                      0x01158b6f
                                      0x01158b72
                                      0x01158b7d
                                      0x01158b8f
                                      0x01158b7f
                                      0x01158b88
                                      0x01158b88
                                      0x01158b9a
                                      0x01158b9b
                                      0x01158b9d
                                      0x01158ba2
                                      0x01158bb5

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 54559d7ffa72f7433d925c38228a316dbf4ad5350f7bcc03e3d12257ca8f50f5
                                      • Instruction ID: d3c544b6b915c79672801b20a87c9c0746182ec9d2bb779fc1b779373134c2e2
                                      • Opcode Fuzzy Hash: 54559d7ffa72f7433d925c38228a316dbf4ad5350f7bcc03e3d12257ca8f50f5
                                      • Instruction Fuzzy Hash: B1F082B0A14259EFDB14EBA9D906EAE77B8EF04700F440459BA55EB381EB34D900CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158BB6 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E01158BB6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x117d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c25;
				if(E010A7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x20402);
				_push( *_t11 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x01158bc5
                                      0x01158bcd
                                      0x01158bd0
                                      0x01158bdb
                                      0x01158bed
                                      0x01158bdd
                                      0x01158be6
                                      0x01158be6
                                      0x01158bf8
                                      0x01158bf9
                                      0x01158bfb
                                      0x01158c00
                                      0x01158c13

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c834d8a9f6e79abc5d3b576346aa3ff66c9cc5c3ced8e0ce380312cfb6e05d74
                                      • Instruction ID: df69e815c9fc011ce9d71560e23de7d4f51fb9e27998ab69741459957f76a3e6
                                      • Opcode Fuzzy Hash: c834d8a9f6e79abc5d3b576346aa3ff66c9cc5c3ced8e0ce380312cfb6e05d74
                                      • Instruction Fuzzy Hash: E5F08970A0425DDFDB14EFA9D505EBE77B8EF04700F444059B955DB381EA34D900C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01141BA8 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E01141BA8(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x117d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x102e;
				if(E010A7D50() == 0) {
					_t11 = 0x7ffe0380;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v44);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x01141bb7
                                      0x01141bbf
                                      0x01141bc2
                                      0x01141bcd
                                      0x01141bdf
                                      0x01141bcf
                                      0x01141bd8
                                      0x01141bd8
                                      0x01141bea
                                      0x01141beb
                                      0x01141bed
                                      0x01141bf2
                                      0x01141c05

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3546250986bf93793fd5a8cc77968d5e3fca98f8203bce27a543b221769b66ac
                                      • Instruction ID: 27073c1b1425d640e9a3e645c1f6bd5f28de584468241ffa8b99e3b131043180
                                      • Opcode Fuzzy Hash: 3546250986bf93793fd5a8cc77968d5e3fca98f8203bce27a543b221769b66ac
                                      • Instruction Fuzzy Hash: 7DF08271A0524CABDB18EBE9D446AAE77B8EF08704F400099E545EB380EA74E940CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A746D Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 88%
                                      			E010A746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0109EB70(__ecx, 0x11779a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E010C95D0();
							L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                      0x010a746d
                                      0x010a746d
                                      0x010a746d
                                      0x010a7471
                                      0x010a7488
                                      0x010ef92d
                                      0x010a748e
                                      0x010a7491
                                      0x010a7495
                                      0x010ef937
                                      0x010ef93a
                                      0x010ef94e
                                      0x010ef953
                                      0x010ef956
                                      0x010ef956
                                      0x010a7495
                                      0x00000000
                                      0x010a7488
                                      0x010a7473
                                      0x010a7478
                                      0x010a747d
                                      0x010a7481
                                      0x00000000
                                      0x010a7481
                                      0x010a747d
                                      0x010a747a
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c82cfc44ed349a92520e8de73e32497f3c4027424c8eca1b9ef307d421ac8225
                                      • Instruction ID: 9251fd7094789090c5b44eb5d27d47dd1618f30668ed7efb3cd0f826711b9df8
                                      • Opcode Fuzzy Hash: c82cfc44ed349a92520e8de73e32497f3c4027424c8eca1b9ef307d421ac8225
                                      • Instruction Fuzzy Hash: D5F0E934501245EADF4A97FCC440BBE7FF1AF14310F848155D4D1A7161EB279C00C785
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01158CD6 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E01158CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x117d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E010A7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010CB640(E010C9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x01158ce5
                                      0x01158ced
                                      0x01158cf0
                                      0x01158cfb
                                      0x01158d0d
                                      0x01158cfd
                                      0x01158d06
                                      0x01158d06
                                      0x01158d18
                                      0x01158d19
                                      0x01158d1b
                                      0x01158d20
                                      0x01158d33

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ce17ef16fab70a0d58ded586bcc2bdc3435c5ed8d0a1f60af4cc0bb6f48fb0e
                                      • Instruction ID: 996add8064375e52e78784c5334d28ebb5bbbf688433c0bbc3c779051c893674
                                      • Opcode Fuzzy Hash: 8ce17ef16fab70a0d58ded586bcc2bdc3435c5ed8d0a1f60af4cc0bb6f48fb0e
                                      • Instruction Fuzzy Hash: 25F08270A04209EBDB08EBA9E946EAE77B8EF18700F500199E955EB380EA34D900CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01084F2E Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E01084F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011588F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E010AC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1061030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                      0x01084f2e
                                      0x01084f34
                                      0x01084f38
                                      0x010e0b85
                                      0x010e0b85
                                      0x010e0b89
                                      0x010e0b9a
                                      0x010e0b9a
                                      0x010e0b9f
                                      0x00000000
                                      0x010e0b9f
                                      0x010e0b94
                                      0x010e0b98
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e0b98
                                      0x01084f3e
                                      0x01084f48
                                      0x00000000
                                      0x01084f6e
                                      0x00000000
                                      0x01084f70

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4487fbc6476920e0c6ed09bd2222aac18784487adebe6f3be4dd85164e63f407
                                      • Instruction ID: 76734f29e7d3c904b96c4050cbaef6bde9c0a23872344560b8c1ccb4a4316676
                                      • Opcode Fuzzy Hash: 4487fbc6476920e0c6ed09bd2222aac18784487adebe6f3be4dd85164e63f407
                                      • Instruction Fuzzy Hash: E2F0BE326256858FEBA6DB2EC188B22B7D8BB00778F4584A4F59587926C7B4E884C650
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108354C Relevance: .0, Instructions: 30COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0108354C(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(__ecx == 0 || E010AC5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x1061008 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011588F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				} else {
					return 1;
				}
			}









                                      0x0108354c
                                      0x01083552
                                      0x01083556
                                      0x010dfef1
                                      0x010dfef5
                                      0x010dff06
                                      0x010dff06
                                      0x010dff0b
                                      0x00000000
                                      0x010dff0b
                                      0x010dff00
                                      0x010dff04
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x01083589
                                      0x00000000
                                      0x0108358b

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a0293f1457877aa04cfbfed6ffc1f2e24153a63469a87a1fd6d4e566923689f2
                                      • Instruction ID: 1b5e0d6c225b8b4fa9d9fa6310f981e8b87e9a7c115209350e51df801a44b551
                                      • Opcode Fuzzy Hash: a0293f1457877aa04cfbfed6ffc1f2e24153a63469a87a1fd6d4e566923689f2
                                      • Instruction Fuzzy Hash: 29F0823191579AAFE7A2D76CC144B12BBE89F05B70F1580A5E986C7903C768D881C690
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BA44B Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010BA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1177b9c; // 0x0
				_t15 = __ecx;
				_t16 = E010A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E010CFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                      0x010ba44b
                                      0x010ba453
                                      0x010ba472
                                      0x010ba476
                                      0x00000000
                                      0x010ba493
                                      0x010ba47a
                                      0x010ba47f
                                      0x010ba486
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ee2dadbbc56f6e4cf07950db1c43f02756fdbf0958509df891bcb216ff4e577c
                                      • Instruction ID: 46bef9bb7e241840e7194260a69fc75d2064f3c5afca17f3330672f607bd8891
                                      • Opcode Fuzzy Hash: ee2dadbbc56f6e4cf07950db1c43f02756fdbf0958509df891bcb216ff4e577c
                                      • Instruction Fuzzy Hash: 9DE092B2B01422EBD2215B58AC40FABB3ADDBE4A51F094039F644C7254DA68DD01CBE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108F358 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 79%
                                      			E0108F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E010BF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = E010A4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                      0x0108f35d
                                      0x0108f361
                                      0x0108f367
                                      0x0108f372
                                      0x0108f38c
                                      0x0108f38c
                                      0x0108f394

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                      • Instruction ID: 0dd8a3218b28d59c1bd0cfa964e0a85e7d884b0493123239fb24f38a7480e98a
                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                      • Instruction Fuzzy Hash: 37E0D832A41119FBDB21A6D99D05FDABFACDB58AA0F0441A5BA44D7150D5619D00C2D0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010815C1 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010815C1(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4) {
				intOrPtr* _t17;

				_t14 = __ecx;
				_t17 = __ecx;
				if(( *(__edx + 2) & 0x00000001) != 0) {
					L5:
					return 0;
				}
				 *__edx =  *__edx + 0xffff;
				if( *__edx != 0) {
					goto L5;
				}
				_t4 = _t17 + 8; // 0x8
				if(__edx != _t4) {
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __edx);
					_t14 = _t17;
				}
				E01081480(_t14, _a4);
				return 1;
			}




                                      0x010815c1
                                      0x010815cb
                                      0x010815cd
                                      0x010815f3
                                      0x00000000
                                      0x010815f3
                                      0x010815d4
                                      0x010815d7
                                      0x00000000
                                      0x00000000
                                      0x010815d9
                                      0x010815de
                                      0x010def10
                                      0x010def15
                                      0x010def15
                                      0x010815e7
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                      • Instruction ID: 4efee38d1b4b9bed2b5fd5650e58fd39e98af8ad5fa922db88742319d038c53c
                                      • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                      • Instruction Fuzzy Hash: A7E06531618246DBDB61BA58C541BBAB799AF51704F0880B5E4C28B552DA719D83C3E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B4710 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B4710(intOrPtr* _a4) {
				void* _t5;
				intOrPtr _t12;
				intOrPtr* _t14;

				_t5 = E010A7D50();
				if(_t5 != 0) {
					_t12 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x10));
					L3:
					 *_a4 = _t12;
					L4:
					return 1;
				}
				if( *0x7ffe0268 == _t5) {
					_t14 = _a4;
					if(E011364FB(_t14) >= 0) {
						goto L4;
					}
					 *_t14 = 1;
					return 0;
				}
				_t12 =  *0x7ffe0264;
				goto L3;
			}






                                      0x010b4716
                                      0x010b471d
                                      0x010f6655
                                      0x010b4735
                                      0x010b4738
                                      0x010b473a
                                      0x00000000
                                      0x010b473a
                                      0x010b4729
                                      0x010f662d
                                      0x010f6639
                                      0x00000000
                                      0x00000000
                                      0x010f6641
                                      0x00000000
                                      0x010f6641
                                      0x010b472f
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                      • Instruction ID: a30d462c5437abeace6e0e051fdaf84b68350941752c9432d435c3cf6d3eddda
                                      • Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                      • Instruction Fuzzy Hash: EAF065762043419FDB16DF55D080AE97BF5BB56350F040095ED828B352DB32EA42DB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010AE760 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010AE760(void* __ecx, void* __eflags, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t20;

				_t17 = __ecx;
				_t20 = __ecx;
				if(E010AC5D5(__ecx, _t18) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10611dc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L7:
						E011588F5(_t16, _t17, _t18, _t19, _t20, __eflags);
						L8:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L8;
					}
					goto L7;
				} else {
					return 1;
				}
			}









                                      0x010ae760
                                      0x010ae766
                                      0x010ae76f
                                      0x010f4014
                                      0x010f4018
                                      0x010f4029
                                      0x010f4029
                                      0x010f402e
                                      0x00000000
                                      0x010f402e
                                      0x010f4023
                                      0x010f4027
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010ae795
                                      0x00000000
                                      0x010ae797

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac3d69f2bbb65387ce9106ea0ade87d3a3f9f564782d59da960b833eb00f8f80
                                      • Instruction ID: 232a6a88cee82e9f410a620c75a0a0dc201343c4e1722d26df0f718f343e0060
                                      • Opcode Fuzzy Hash: ac3d69f2bbb65387ce9106ea0ade87d3a3f9f564782d59da960b833eb00f8f80
                                      • Instruction Fuzzy Hash: E9F0A031914284DFEBA2D76DD144B227BD8AB44370F0544A9EA85C7912C774D880C260
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C5C70 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 37%
                                      			E010C5C70(intOrPtr _a4, char _a8) {
				void* __ebp;
				void* _t12;
				intOrPtr _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_t13 = _a4;
				if(_t13 == 0 || _a8 < 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011588F5(_t12, _t13, _t14, _t15, _t16, __eflags);
				} else {
					_push(4);
					_push( &_a8);
					_push(0xe);
					_push( *((intOrPtr*)(_t13 + 0x24)));
					return E010CAE70();
				}
			}









                                      0x010c5c75
                                      0x010c5c7a
                                      0x00000000
                                      0x010c5c91
                                      0x010c5c91
                                      0x010c5c96
                                      0x010c5c97
                                      0x010c5c99
                                      0x00000000
                                      0x010c5c9c

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                                      • Instruction ID: f485f50b6e0ced8bad5908428ffb725ff2d99637a8c32a205463be20a2ae0180
                                      • Opcode Fuzzy Hash: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                                      • Instruction Fuzzy Hash: CFE09A7520024CEEEB109B05C884F693BA9AB44B20F008158AA598B062C770E884EF44
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B3F33 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B3F33(void* __ecx, signed char _a4) {
				signed int _t12;

				if(( *(__ecx + 0x40) & 0x75010f63) != 2 || ( *( *[fs:0x30] + 0x68) & 0x00000800) != 0) {
					return 0;
				} else {
					if((_a4 & 0x00000001) != 0) {
						_t12 = 1;
					} else {
						_t12 =  *0x1176240; // 0x4
					}
					return 0x7d0 + _t12 * 0x3480;
				}
			}




                                      0x010b3f43
                                      0x00000000
                                      0x010b3f54
                                      0x010b3f58
                                      0x010b3f70
                                      0x010b3f5a
                                      0x010b3f5a
                                      0x010b3f5a
                                      0x00000000
                                      0x010b3f65

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e1be65053ddbab742c42625bae5236c3bd45b7d0eb8d9812c4151e6dec4a496b
                                      • Instruction ID: 5f1ec75812d93ec74ffb27cc7f678a6180a08b350a5500233724e9411e08b067
                                      • Opcode Fuzzy Hash: e1be65053ddbab742c42625bae5236c3bd45b7d0eb8d9812c4151e6dec4a496b
                                      • Instruction Fuzzy Hash: 2BE02633614246ABD762961CC5C37A637F8F760748F304465E8C6CF582D268E981C688
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109FF60 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0109FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x10611a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011588F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E010A0050(_t14);
				}
			}










                                      0x0109ff66
                                      0x0109ff6b
                                      0x00000000
                                      0x0109ff8f
                                      0x00000000
                                      0x0109ff8f

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 225d11a6ef7604becb2071e8f60d8923fb6c113a8dc3b13f6cb200a608c9e61f
                                      • Instruction ID: d411cb3d613a6d3d07b53748e701e72c9793a93f46e4943953d287712d45a969
                                      • Opcode Fuzzy Hash: 225d11a6ef7604becb2071e8f60d8923fb6c113a8dc3b13f6cb200a608c9e61f
                                      • Instruction Fuzzy Hash: 3EE0DFB0205206DFDF79DB5AD0B0F293FDC9F52621F19809DF4888B202C661E8C0E686
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011141E8 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E011141E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x11608f0);
				_t5 = E010DD08C(__ebx, __edi, __esi);
				if( *0x11787ec == 0) {
					E0109EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x11787ec == 0) {
						 *0x11787f0 = 0x11787ec;
						 *0x11787ec = 0x11787ec;
						 *0x11787e8 = 0x11787e4;
						 *0x11787e4 = 0x11787e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01114248();
				}
				return E010DD0D1(_t5);
			}





                                      0x011141e8
                                      0x011141ea
                                      0x011141ef
                                      0x011141fb
                                      0x01114206
                                      0x0111420b
                                      0x01114216
                                      0x0111421d
                                      0x01114222
                                      0x0111422c
                                      0x01114231
                                      0x01114231
                                      0x01114236
                                      0x0111423d
                                      0x0111423d
                                      0x01114247

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 54c207e02680c32898ba1e994ba3db7d01598428e06b97937016249ab2fbd0c1
                                      • Instruction ID: a5b0af882c99b804923dcca4b9cf66978d7842f0a0619217da0fb1664cbc317c
                                      • Opcode Fuzzy Hash: 54c207e02680c32898ba1e994ba3db7d01598428e06b97937016249ab2fbd0c1
                                      • Instruction Fuzzy Hash: D7F01574810B01CECBB8EFA9E508784B7B4F798721F00813A9166877C8C77444E1CF01
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0113D380 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0113D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0108E8B0(__ecx, _a4, 0xfff);
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                      0x0113d38a
                                      0x0113d39b
                                      0x0113d3b1
                                      0x00000000
                                      0x0113d3b6
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                      • Instruction ID: 7a86030c4ae07fb616c1bc19ae455abe2502c7cff50ed7df3f3753ba5c6bf8e3
                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                      • Instruction Fuzzy Hash: BAE0C231288205FBDF266E84DC00FB97B16EB907A0F504031FE486A690C6719C91D6C4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 01082CDB Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 58%
                                      			E01082CDB(intOrPtr* __ecx) {
				intOrPtr* _t9;

				_t9 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) != 0) {
					_push(0);
					_push( *((intOrPtr*)(__ecx + 0x2c)));
					E010C95C0();
				}
				if( *_t9 != 0) {
					_push( *_t9);
					E010C95D0();
				}
				return L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t9);
			}




                                      0x01082cde
                                      0x01082ce4
                                      0x010df970
                                      0x010df972
                                      0x010df975
                                      0x010df975
                                      0x01082ced
                                      0x01082d02
                                      0x01082d04
                                      0x01082d04
                                      0x01082d01

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                      • Instruction ID: f131130464d980c56c38ed4d1fb602b324584cdefe69b68846b865a61236fa64
                                      • Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                      • Instruction Fuzzy Hash: 6DE08C32054711EFDB323B28ED00FAA7AA1BB24B10F11446AE0C1050A48A719881CB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010BA185 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010BA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x11767e4 >= 0xa) {
					if(_t5 < 0x1176800 || _t5 >= 0x1176900) {
						return L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E010A0010(0x11767e0, _t5);
				}
			}





                                      0x010ba190
                                      0x010ba1a6
                                      0x010ba1c2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010ba192
                                      0x010ba192
                                      0x010ba19f
                                      0x010ba19f

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d5ffb1b64048a525456737df61bdf2677c5a4c8cea9df06b405aed68968ad7f5
                                      • Instruction ID: 97bc4f88d9e3c9ccfe3124b8d666cf60db538bcf9eb2e161a89fbc522aba615c
                                      • Opcode Fuzzy Hash: d5ffb1b64048a525456737df61bdf2677c5a4c8cea9df06b405aed68968ad7f5
                                      • Instruction Fuzzy Hash: C3D02B71261800AAE72D13508E94BE53736F784790F348C0CF2830B794EB508CD4C108
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 011053CA Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E011053CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0109EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                      0x011053ca
                                      0x011053ce
                                      0x011053d9
                                      0x011053de
                                      0x011053e1
                                      0x011053e1
                                      0x011053e6
                                      0x011053f3
                                      0x00000000
                                      0x011053f8
                                      0x011053fb

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                      • Instruction ID: 9fbf4d6d7387e75f4680fa733b52ab3255ab0b7a92c501a748c9fdfd70f6d299
                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                      • Instruction Fuzzy Hash: BDE08C319046809BCF17DB88C650F9EBBF6FB84B00F140004A0485F6A0C765AC00CB00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0109AAB0 Relevance: .0, Instructions: 12COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0109AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                      0x0109aab6
                                      0x0109aabb
                                      0x010ea442
                                      0x00000000
                                      0x010ea448
                                      0x010ea454
                                      0x010ea454
                                      0x0109aac1
                                      0x0109aac1
                                      0x0109aac6
                                      0x0109aac6

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction ID: da76780f084db65c6d384c07786764dba89c9503b26720a2a789926baf2c1291
                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction Fuzzy Hash: 29D0C275352980CFDA569B1DC568B1577E4BB44A44FC504D0E5418B662E62CD944CA00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B35A1 Relevance: .0, Instructions: 12COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0109EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                      0x010b35a1
                                      0x010b35a1
                                      0x010b35a5
                                      0x010b35ab
                                      0x010b35ab
                                      0x010b35b5
                                      0x00000000
                                      0x010b35c1
                                      0x010b35b7

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction ID: 1063662825076f29cf98418d680e214334a4b6303c9732490171dd0c2bbbb7d4
                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction Fuzzy Hash: 31D0A931401181DAEF82EF14C2A87ECBBB2BB00208F7820A580C20E852E33A4A0AD600
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108DB40 Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0108DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = E010A4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                      0x0108db4d
                                      0x0108db54
                                      0x0108db5f
                                      0x0108db56
                                      0x0108db56
                                      0x0108db5c
                                      0x0108db5c

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction ID: f11e06bcba6ea6807782186541836464b52325c68e21243d204d39f161c2f3d8
                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction Fuzzy Hash: 96C08C30280A41EAEB222F60CD01B803AA0BB10B01F8800A06380DA0F0EBB8D801E600
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0110A537 Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0110A537(intOrPtr _a4, intOrPtr _a8) {

				return L010A8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                      0x0110a553

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction ID: 651ccf683bacd5fc7c5139885d039ef8b91836f9c44779eb2e1cafc5573fcd31
                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction Fuzzy Hash: 81C01232080248BBCB12AE81CC00F467B2AEBA4B60F008011BA480A560C632E970EA84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A3A1C Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010A3A1C(intOrPtr _a4) {
				void* _t5;

				return E010A4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                      0x010a3a35

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction ID: 15cc3301c572c170e9159732046e1a94552251b6cdf41489501274de14752033
                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction Fuzzy Hash: 77C08C32080248BBC7126E81DC00F417B29E7A4B60F040020B6040A560C6B2EC60D588
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0108AD30 Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0108AD30(intOrPtr _a4) {

				return L010A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                      0x0108ad49

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction ID: bf1918d530c7a26f4474936442d7ca6dcfb3748e3cf77d72608db74a86fd24ec
                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction Fuzzy Hash: 15C08C32080248BBC7126B85CD00F157F29E7A0B60F004020F6040A661C932EC60D588
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B4190 Relevance: .0, Instructions: 9COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B4190() {

				if(E010A7D50() != 0) {
					return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x14));
				} else {
					return  *0x7ffe02d0;
				}
			}



                                      0x010b4197
                                      0x010f641c
                                      0x010b419d
                                      0x010b41a2
                                      0x010b41a2

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                      • Instruction ID: af684b6de99c16b475ca1798626594d351482b06d6d9202b3a3b305bc9cf3545
                                      • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                      • Instruction Fuzzy Hash: 9EC0483A711A418FCF16EB6AC284F5A37F4BB44B44F1508E0E945CBB22EA25E840CA50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010A7D50 Relevance: .0, Instructions: 7COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010A7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                      0x010a7d56
                                      0x010a7d5b
                                      0x010a7d60
                                      0x010a7d5d
                                      0x010a7d5d
                                      0x010a7d5d

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction ID: c5d388a9894832a1b238182aef3ff040105908e17ef7ad02140b10f17fb9bc37
                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction Fuzzy Hash: ADB092353019408FCE56EF18C080B1533F4BB44A40B8440D0E400CBA21D22AE8008900
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B2ACB Relevance: .0, Instructions: 5COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E010B2ACB() {
				void* _t5;

				return E0109EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                      0x010b2adc

                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction ID: 1a0c74c469410c3e0e0cabee58d969924c35a83941e78fa31dab3ca72b590a10
                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction Fuzzy Hash: 1BB01232C10441CFCF02EF40C620B5A7331FB40750F054490900127D30C229AC01DB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9910 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ab7a4a40690fa97173eb77dca5e03dec2da8550f9210e2c2c538898904da1e9
                                      • Instruction ID: 3ea439a482da0503e37cb8a1957edd3bf8280193573be1af82020d6e7eaf197d
                                      • Opcode Fuzzy Hash: 8ab7a4a40690fa97173eb77dca5e03dec2da8550f9210e2c2c538898904da1e9
                                      • Instruction Fuzzy Hash: 349002B124110902D140719984047460105A7D0341F51D011B5454558EC6998DD577A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9950 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 770e7f4daf5de660bfe94a97396ca4fe263607f76c719c99c9b2327769566016
                                      • Instruction ID: 4a11fe07300f0388b76105c1a583c442c845295d07e9bee5d7bf97e6835b0f9f
                                      • Opcode Fuzzy Hash: 770e7f4daf5de660bfe94a97396ca4fe263607f76c719c99c9b2327769566016
                                      • Instruction Fuzzy Hash: 949002A124150903D140659988046070105A7D0342F51D011B2454559ECA698C517275
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C99A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 37bba0b214893b940b87ea28c12e6e74baeb6ce7a4c05a14f3bfba677c6dbc2d
                                      • Instruction ID: 1c12b18ab42ddad91e2b0574d9c96bf12925192829468cf3f4adf76ce7e57e88
                                      • Opcode Fuzzy Hash: 37bba0b214893b940b87ea28c12e6e74baeb6ce7a4c05a14f3bfba677c6dbc2d
                                      • Instruction Fuzzy Hash: 1A9002A138110942D10061998414B060105E7E1341F51D015F1454558DC659CC527266
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C99D0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 79d22f7aafb9dbf5f6b0ac55d812cdb0fa325893924c2b059d8e13752c315673
                                      • Instruction ID: ade979340a1e3c1cc991d0a9f6d9030ddce9e59588f0444c46940f601b2a28d7
                                      • Opcode Fuzzy Hash: 79d22f7aafb9dbf5f6b0ac55d812cdb0fa325893924c2b059d8e13752c315673
                                      • Instruction Fuzzy Hash: B29002A125110542D104619984047060145A7E1241F51D012B2544558CC5698C616265
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9820 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46254fffad063bb8d335aa7f13e2309249388fef84cb442f0354b1ecadcd52c7
                                      • Instruction ID: 946426aab9b8db9fe95e0aeb6723928069830e3f1263577521e245f958033c73
                                      • Opcode Fuzzy Hash: 46254fffad063bb8d335aa7f13e2309249388fef84cb442f0354b1ecadcd52c7
                                      • Instruction Fuzzy Hash: 4A90027128110902D141719984046060109B7D0281F91D012B0814558EC6958A56BBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010CB040 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 552e0e0f3c71f49c9cc15e1373239e0369aacf52208b3dc720943a30a681f0eb
                                      • Instruction ID: 45ff9ce71552cfaedea77d60e2c20a1015362bb0a38ca348ee9b255c92f8c8ab
                                      • Opcode Fuzzy Hash: 552e0e0f3c71f49c9cc15e1373239e0369aacf52208b3dc720943a30a681f0eb
                                      • Instruction Fuzzy Hash: 489002A1641245434540B19988044065115B7E1341791D121B0844564CC6A88855A3A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9840 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e8e1b0f80a6c5a33f47ded0be9c480398200c890d0f9f8414f0c814a3a329f19
                                      • Instruction ID: ad0d0eebac78cd646d0e3bb8188c76b01f97b9968d043f699034129832fe2544
                                      • Opcode Fuzzy Hash: e8e1b0f80a6c5a33f47ded0be9c480398200c890d0f9f8414f0c814a3a329f19
                                      • Instruction Fuzzy Hash: 63900261282146525545B19984045074106B7E0281B91D012B1804954CC5669856E761
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C98A0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0b2a35acf93360c1de5f603c17f078d3094884c481c67eefa23171d844b04b3c
                                      • Instruction ID: 966f2ee88d43528e55851617b6759137a4d9cae7e0201b986cecb8cfd3bfed8a
                                      • Opcode Fuzzy Hash: 0b2a35acf93360c1de5f603c17f078d3094884c481c67eefa23171d844b04b3c
                                      • Instruction Fuzzy Hash: 9890026134110902D102619984146060109E7D1385F91D012F1814559DC6658953B272
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C98F0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f6b5758750f85e3b56f62821185be0e23043df59bfea3d1dd692e2a9e7f9b46f
                                      • Instruction ID: aa4c66432f3800a06dd56c97cb65b58aad80076c682913a291b0a496278d0126
                                      • Opcode Fuzzy Hash: f6b5758750f85e3b56f62821185be0e23043df59bfea3d1dd692e2a9e7f9b46f
                                      • Instruction Fuzzy Hash: 8290026164110A02D10171998404616010AA7D0281F91D022B1414559ECA658992B271
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9B00 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 52876d7de05f771a4f45d1d21df685fc780b6367d2902d4bd5dedeefe740b1cb
                                      • Instruction ID: 623a688dd43fa1ef861e41436891ca334b4b0ffbe98a5e69e5c0fd1522f49af1
                                      • Opcode Fuzzy Hash: 52876d7de05f771a4f45d1d21df685fc780b6367d2902d4bd5dedeefe740b1cb
                                      • Instruction Fuzzy Hash: 2590026128110D02D1407199C4147070106E7D0641F51D011B0414558DC656896577F1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010CA3B0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4bf06fa0f90ba5ff3b81d6b2e0167c995280f19b2e4fd9a9a8fc661c45348456
                                      • Instruction ID: 369bbbb22cd328daf4856624f82adf4a0bffac5b0e4e409d1f937359f6cfd2dc
                                      • Opcode Fuzzy Hash: 4bf06fa0f90ba5ff3b81d6b2e0167c995280f19b2e4fd9a9a8fc661c45348456
                                      • Instruction Fuzzy Hash: 7B90027124154502D1407199C44460B5105B7E0341F51D411F0815558CC6558856A361
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9A00 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0d44336d7b0d3fe103143b838e849acdd180b1dd7a4e8d235d4bd9cc50c38c44
                                      • Instruction ID: a3a04db5c02f0b6c6ee832bc96b0c55a6d1ded9e1a8bcb92f18161952cc15742
                                      • Opcode Fuzzy Hash: 0d44336d7b0d3fe103143b838e849acdd180b1dd7a4e8d235d4bd9cc50c38c44
                                      • Instruction Fuzzy Hash: 0C90027124150902D1006199881470B0105A7D0342F51D011B1554559DC665885176B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9A10 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 603cb550d1844a1555f73317d1f4fbfb508c2cb7cb496819d61f5e728deff121
                                      • Instruction ID: 0bef33e558eda2c19837ea682fc806d60afc4aeec7a71c3689dbce8789266d89
                                      • Opcode Fuzzy Hash: 603cb550d1844a1555f73317d1f4fbfb508c2cb7cb496819d61f5e728deff121
                                      • Instruction Fuzzy Hash: D390027124150902D100619988087470105A7D0342F51D011B5554559EC6A5C8917671
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9A20 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 793639edec8c594b6c952b3404304395711e4dce91e93999721a889c83b97161
                                      • Instruction ID: 2f8e6f4360604f8efc425f8a4b80ba9ebe084460bc6f85273abd76efd78e8d92
                                      • Opcode Fuzzy Hash: 793639edec8c594b6c952b3404304395711e4dce91e93999721a889c83b97161
                                      • Instruction Fuzzy Hash: 0190026164110542414071A9C8449064105BBE1251B51D121B0D88554DC599886567A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9A50 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 80b9bf2aaf4a152978fa7717413b13d2be99804fc9f6d16b367cb6cbcbd50557
                                      • Instruction ID: 722d1a2a06000c003e37a1a0435ab7cb50c498f83dfae01b9aeb210cff8bdfb5
                                      • Opcode Fuzzy Hash: 80b9bf2aaf4a152978fa7717413b13d2be99804fc9f6d16b367cb6cbcbd50557
                                      • Instruction Fuzzy Hash: 7A90026125190542D20065A98C14B070105A7D0343F51D115B0544558CC95588616661
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9A80 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e54273806d3d9a201ba722dde9f40e1cf1d7235cb243d29113277b59c246b243
                                      • Instruction ID: 5e8506cd01f459c293219479d306cbcfe66747ee7d38ae5ab649b7579b13f955
                                      • Opcode Fuzzy Hash: e54273806d3d9a201ba722dde9f40e1cf1d7235cb243d29113277b59c246b243
                                      • Instruction Fuzzy Hash: B290026124154942D14062998804B0F4205A7E1242F91D019B4546558CC95588556761
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e4d9ac8701777a7e672e107bb6b841640740d6039c1de556ea51a2a10e0ad03e
                                      • Instruction ID: e9f2dc35cdb8bda0391526bdffcbf44f0217d0a594dfa8d67755f2f389e7815e
                                      • Opcode Fuzzy Hash: e4d9ac8701777a7e672e107bb6b841640740d6039c1de556ea51a2a10e0ad03e
                                      • Instruction Fuzzy Hash: 6F9002E1241245924500A299C404B0A4605A7E0241F51D016F1444564CC5658851A275
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010CAD30 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 88358df26c9d24a95006a7aafbc0e2931c42a897a6a3da54d5e44eb94eba1458
                                      • Instruction ID: e188def01bcb443b1065d7d08ffbd4116ea0fb38a46ac9f0847298d5827e5b1e
                                      • Opcode Fuzzy Hash: 88358df26c9d24a95006a7aafbc0e2931c42a897a6a3da54d5e44eb94eba1458
                                      • Instruction Fuzzy Hash: D0900271A45105129140719988146464106B7E0781F55D011B0904558CC9948A5563E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9540 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5fa687a30b9b55a18f103902d4908342642ce93bceb7196d63dcb6bae71b63f3
                                      • Instruction ID: 626f8e1c63eed035a28f6e34ae9f826015b25736688abb38b2d34f59edbc0fb0
                                      • Opcode Fuzzy Hash: 5fa687a30b9b55a18f103902d4908342642ce93bceb7196d63dcb6bae71b63f3
                                      • Instruction Fuzzy Hash: 59900475351105030105F5DD47045070147F7D53D1751D031F1405554CD771CC717371
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9560 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a595625c601ab9904284fe3486771b3d30b9a797dfc2568e9eaeebf5565be86
                                      • Instruction ID: 3ad58776a8d35845ed20729518e50ae9b82e46cbbe4b9062656eae6b53bab227
                                      • Opcode Fuzzy Hash: 8a595625c601ab9904284fe3486771b3d30b9a797dfc2568e9eaeebf5565be86
                                      • Instruction Fuzzy Hash: AA900265261105020145A599460450B0545B7D6391791D015F1806594CC66188656361
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C95D0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2bab31c320de4138a2e0c6accbad5f77b56a7b502496d1708265d4462a2f390
                                      • Instruction ID: a40379aae4728bc5486f57ac1e50bb59be7fdc204807c6fa02b09b9726805ebf
                                      • Opcode Fuzzy Hash: f2bab31c320de4138a2e0c6accbad5f77b56a7b502496d1708265d4462a2f390
                                      • Instruction Fuzzy Hash: BB9002A124210503410571998414616410AA7E0241F51D021F1404594DC56588917265
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C95F0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dd21ec4f4ca0b1fce25bc49b2fc25da3346c0345f1523a837cee541f676e9086
                                      • Instruction ID: 0ec047acd117c8cedd99ebabe86cf49684285db8ef2ce3515807d3c83cbf9438
                                      • Opcode Fuzzy Hash: dd21ec4f4ca0b1fce25bc49b2fc25da3346c0345f1523a837cee541f676e9086
                                      • Instruction Fuzzy Hash: FB90027124110D02D104619988046860105A7D0341F51D011B6414659ED6A588917271
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010CA710 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d636353e065f6150165f2b41ed1948b4908d7867eca45cadaafb1e7a91aa4ea
                                      • Instruction ID: 600aa0f2179ff1e7b54de2666c90a29591acf513228b78252cf869f10fa06196
                                      • Opcode Fuzzy Hash: 8d636353e065f6150165f2b41ed1948b4908d7867eca45cadaafb1e7a91aa4ea
                                      • Instruction Fuzzy Hash: 6E900271341105529500A6D99804A4A4205A7F0341F51E015B4404558CC59488616261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9710 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 416aa207f4dc2e90ea2db3a54a5c49f5cbf8d7996d54dd1a72af41fcb6943715
                                      • Instruction ID: f99abb2dbb8c1ea10b60fd47a91282e908a9102e1da1af2a1d4dbb90d9192788
                                      • Opcode Fuzzy Hash: 416aa207f4dc2e90ea2db3a54a5c49f5cbf8d7996d54dd1a72af41fcb6943715
                                      • Instruction Fuzzy Hash: 4090027124110902D10065D994086460105A7E0341F51E011B5414559EC6A588917271
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9730 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8fbcdccf1cf7c7c6eb688b3a75341da18f14eaf29dbdb0568bf9d86aec880274
                                      • Instruction ID: 6390dc2e1680674858220fd6c8a98f63ff043aadc3ac7ea04b5bc5d8518280dd
                                      • Opcode Fuzzy Hash: 8fbcdccf1cf7c7c6eb688b3a75341da18f14eaf29dbdb0568bf9d86aec880274
                                      • Instruction Fuzzy Hash: 4E90026164510902D140719994187060115A7D0241F51E011B0414558DC6998A5577E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9760 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 782b2f471baeb9fac4299edd43dd308417b5c00bab660485a4fbd125700a1980
                                      • Instruction ID: b93fe9eb4ca2dc16044d8550248ab56ee3451627eb5042a4d0da1b53d924a1d7
                                      • Opcode Fuzzy Hash: 782b2f471baeb9fac4299edd43dd308417b5c00bab660485a4fbd125700a1980
                                      • Instruction Fuzzy Hash: 3C90027124110903D100619995087070105A7D0241F51E411B081455CDD69688517261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010CA770 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 75cb74f584ff492c5dc7f6567c5dcbb6f675909d3c6323468a7822accd858c15
                                      • Instruction ID: df4bf0b8fe7ba5d5bed9beb3598d13804c9ab3427622818a2c3de07cfcd9d39d
                                      • Opcode Fuzzy Hash: 75cb74f584ff492c5dc7f6567c5dcbb6f675909d3c6323468a7822accd858c15
                                      • Instruction Fuzzy Hash: 2590027524514942D50065999804A870105A7D0345F51E411B081459CDC6948861B261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9770 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8689300b0eef282371528b596d8a3bff0d65b38b3a4a039053c0d1279534c440
                                      • Instruction ID: f2c23950cde481d713462dd15c3be9215531325d41dd9fd46f4e30fc73e2045a
                                      • Opcode Fuzzy Hash: 8689300b0eef282371528b596d8a3bff0d65b38b3a4a039053c0d1279534c440
                                      • Instruction Fuzzy Hash: A690026124514942D10065999408A060105A7D0245F51E011B1454599DC6758851B271
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9780 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a8a82153960a60d7e4e23f77c066515ee4d4d9a1e79ee973af9c7a526840e7e8
                                      • Instruction ID: 602d979dfcf0a5956e74e6e2e9b9028c63785ec62915582aa2a9dc5a8e7c0682
                                      • Opcode Fuzzy Hash: a8a82153960a60d7e4e23f77c066515ee4d4d9a1e79ee973af9c7a526840e7e8
                                      • Instruction Fuzzy Hash: 3890026925310502D1807199940860A0105A7D1242F91E415B040555CCC95588696361
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C97A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a786afc16b5de3fff1497cf26e5a39630d10da27c4a84306f062de2b76ff5aa7
                                      • Instruction ID: 68afc879a937205d5bf540d4acb6844b3fb452ff991ce9049dd9105d477ec017
                                      • Opcode Fuzzy Hash: a786afc16b5de3fff1497cf26e5a39630d10da27c4a84306f062de2b76ff5aa7
                                      • Instruction Fuzzy Hash: 2B90026134110503D140719994186064105F7E1341F51E011F0804558CD95588566362
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9FE0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b5eb70bbf39c5c6b1fa980f233ac45ec985416dbc38795704d67ed705237a0b5
                                      • Instruction ID: c5dc6d9c33c067dc8a17a5e4d2bf88857b12d7f371b9f973b7dc8cc4b41e8751
                                      • Opcode Fuzzy Hash: b5eb70bbf39c5c6b1fa980f233ac45ec985416dbc38795704d67ed705237a0b5
                                      • Instruction Fuzzy Hash: 9B90027135124902D1106199C4047060105A7D1241F51D411B0C1455CDC6D588917262
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9610 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 41da8556feea161362e52180245b0b486567bb1e94975d5596a9045ac2a0ad7f
                                      • Instruction ID: f089d9c2d892472cd36bd3c8f0f1e5e41eda9980603f6d150f886166e72fdd0e
                                      • Opcode Fuzzy Hash: 41da8556feea161362e52180245b0b486567bb1e94975d5596a9045ac2a0ad7f
                                      • Instruction Fuzzy Hash: BB90027164510D02D150719984147460105A7D0341F51D011B0414658DC7958A5577E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9650 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: beee3e44763be57ed249c8aeb498b349a3b3427f485a23b351acce0373aa5a37
                                      • Instruction ID: 5550f7f0fe37c53667e26e6c639b7f934379c91879a46c18278f1dcc0850d182
                                      • Opcode Fuzzy Hash: beee3e44763be57ed249c8aeb498b349a3b3427f485a23b351acce0373aa5a37
                                      • Instruction Fuzzy Hash: 1A90027124514D42D14071998404A460115A7D0345F51D011B0454698DD6658D55B7A1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C96D0 Relevance: .0, Instructions: 4COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d756533d250e3cab741a17ecc342b6dc409f7e82318a615097b0b7420c46000
                                      • Instruction ID: 816fd2ffe104e10406a25be47de0d949da4e4bf70d48091e3e54d9d72a41a9fb
                                      • Opcode Fuzzy Hash: 9d756533d250e3cab741a17ecc342b6dc409f7e82318a615097b0b7420c46000
                                      • Instruction Fuzzy Hash: 3290027124110D42D10061998404B460105A7E0341F51D016B0514658DC655C8517661
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010C9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                      • Instruction ID: 2f09e8fdc3138303efbda9f4d6033c5aa1252d6a446ebda1e01154c53f356248
                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                      • Instruction Fuzzy Hash:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010840FD Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 195COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E010840FD(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x117d360 ^ _t107;
				_v8 =  *0x117d360 ^ _t107;
				_t105 = __ecx;
				if( *0x11784d4 == 0) {
					L5:
					return E010CB640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E0109E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					_t49 = E010842EB(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E010841EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E010C96C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					_t55 = E0108429E(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v556 - _t85;
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E01115720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						E010CFA60( &_v548, 0, 0x214);
						_t106 =  *0x11784d4;
						_t110 = _t108 + 0x20;
						 *0x117b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x11784d4))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E010CB75A();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E01115720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E010D1480( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E01115720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v556 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E010D1150(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E01115720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E01103E13(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v556;
							} while (_t106 < _v556);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E01115720();
						goto L15;
					}
					L8:
					_t56 = E010841F7(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                      0x0108410d
                                      0x0108410f
                                      0x0108411c
                                      0x0108411e
                                      0x01084158
                                      0x01084168
                                      0x01084168
                                      0x01084126
                                      0x01084130
                                      0x0108413c
                                      0x010e04a2
                                      0x01084142
                                      0x0108414b
                                      0x0108414b
                                      0x0108414f
                                      0x0108416b
                                      0x01084171
                                      0x01084176
                                      0x01084178
                                      0x010841d0
                                      0x010841d2
                                      0x010841d3
                                      0x010841a7
                                      0x010841ae
                                      0x010841b0
                                      0x010841db
                                      0x010841b2
                                      0x010841b8
                                      0x010841bf
                                      0x010841c1
                                      0x010841c1
                                      0x010841c1
                                      0x010841c3
                                      0x010841c5
                                      0x010841df
                                      0x010841e2
                                      0x010841e2
                                      0x010841c7
                                      0x010841c9
                                      0x010e0628
                                      0x010e0628
                                      0x010e0630
                                      0x010e0631
                                      0x010e0633
                                      0x010e0635
                                      0x010e0635
                                      0x00000000
                                      0x010841c9
                                      0x0108417d
                                      0x01084183
                                      0x01084189
                                      0x0108418e
                                      0x01084190
                                      0x010e04a9
                                      0x010e04af
                                      0x00000000
                                      0x00000000
                                      0x010e04b5
                                      0x010e04c8
                                      0x010e04d5
                                      0x010e04e5
                                      0x010e04ea
                                      0x010e04f6
                                      0x010e0518
                                      0x010e051e
                                      0x010e0520
                                      0x010e0522
                                      0x00000000
                                      0x00000000
                                      0x010e0528
                                      0x010e052e
                                      0x010e0530
                                      0x00000000
                                      0x00000000
                                      0x010e053b
                                      0x010e053d
                                      0x00000000
                                      0x00000000
                                      0x010e0545
                                      0x010e054c
                                      0x010e054e
                                      0x010e0623
                                      0x00000000
                                      0x010e0623
                                      0x010e0556
                                      0x010e0557
                                      0x010e056f
                                      0x010e0574
                                      0x010e0583
                                      0x010e058a
                                      0x010e058b
                                      0x010e058d
                                      0x010e05b5
                                      0x010e05c0
                                      0x010e05c6
                                      0x010e05c8
                                      0x010e05cb
                                      0x010e05cd
                                      0x010e05d3
                                      0x010e05d5
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x010e05db
                                      0x010e05db
                                      0x010e05e3
                                      0x010e05e7
                                      0x010e05e9
                                      0x010e05eb
                                      0x010e05ed
                                      0x010e05ed
                                      0x010e05fa
                                      0x010e05ff
                                      0x010e0606
                                      0x010e060b
                                      0x010e060d
                                      0x00000000
                                      0x00000000
                                      0x010e0613
                                      0x010e0613
                                      0x010e0616
                                      0x010e0616
                                      0x00000000
                                      0x010e061e
                                      0x010e058f
                                      0x010e0594
                                      0x010e0596
                                      0x010e0598
                                      0x00000000
                                      0x010e059d
                                      0x01084196
                                      0x01084198
                                      0x0108419d
                                      0x0108419f
                                      0x00000000
                                      0x00000000
                                      0x010841a1
                                      0x00000000
                                      0x01084151
                                      0x01084151
                                      0x01084151
                                      0x00000000
                                      0x01084151

                                      Strings
                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 010E058F
                                      • Execute=1, xrefs: 010E057D
                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 010E05F1
                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010E0566
                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010E05AC
                                      • ExecuteOptions, xrefs: 010E050A
                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010E04BF
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                      • API String ID: 0-484625025
                                      • Opcode ID: 05cef0b8e8d03663f16520682c797089c62810c396edef8911e41cb4510c905a
                                      • Instruction ID: e98f5d0fc5884c03adb0b09fc718c30e355e07d5389f9f47b7a400a4625f364d
                                      • Opcode Fuzzy Hash: 05cef0b8e8d03663f16520682c797089c62810c396edef8911e41cb4510c905a
                                      • Instruction Fuzzy Hash: 37613B31B0421A7AEF21EA95DC85FEE7BB9AF68704F0400E9E6C5D7181DB709E408F64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B8E00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 44%
                                      			E010B8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x117d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1178464; // 0x74cc0110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1175780 & 0x00000003) != 0) {
							E01105510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1175780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E010CB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1177984; // 0xb22c18
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1178464; // 0x74cc0110
					 *0x117b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E010B9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1175780 & 0x00000005) != 0) {
						_push(_t49);
						E01105510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                      0x010b8e0f
                                      0x010b8e16
                                      0x010b8e19
                                      0x010b8e1b
                                      0x010b8e21
                                      0x010b8e7f
                                      0x010b8e85
                                      0x010f9354
                                      0x010f936c
                                      0x010f9371
                                      0x010f937b
                                      0x010f9381
                                      0x010f9381
                                      0x010f937b
                                      0x010b8e9d
                                      0x010b8e9d
                                      0x010b8e29
                                      0x010b8e2c
                                      0x010b8e38
                                      0x010b8e3e
                                      0x010b8e43
                                      0x010b8eb5
                                      0x010b8eb9
                                      0x010f92aa
                                      0x010f92af
                                      0x010f92e8
                                      0x010f92e8
                                      0x010f92af
                                      0x010b8eb9
                                      0x010b8e45
                                      0x010b8e53
                                      0x010b8e5b
                                      0x010b8e5f
                                      0x010b8e78
                                      0x010b8e78
                                      0x010b8e7d
                                      0x010b8ec3
                                      0x010b8ecd
                                      0x010b8ed2
                                      0x010b8ed2
                                      0x010b8ec5
                                      0x010b8ec5
                                      0x00000000
                                      0x010b8e7d
                                      0x010b8e67
                                      0x010b8ea4
                                      0x010f931a
                                      0x00000000
                                      0x00000000
                                      0x010f9320
                                      0x010b8ea4
                                      0x010b8e70
                                      0x010f9325
                                      0x010f9340
                                      0x010f9345
                                      0x010f9345
                                      0x010b8e76
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      APIs
                                      Strings
                                      • LdrpFindDllActivationContext, xrefs: 010F9331, 010F935D
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 010F933B, 010F9367
                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 010F9357
                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 010F932A
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 3446177414-3779518884
                                      • Opcode ID: 4b30d9c6ae6e3e457ea0eb21e63bbc4bc162fe7889e9bdeaa3ae357453d442d5
                                      • Instruction ID: 2bbe8a1244b80011617d6d6fedb79fef82947968978819b925ec0019832771fa
                                      • Opcode Fuzzy Hash: 4b30d9c6ae6e3e457ea0eb21e63bbc4bc162fe7889e9bdeaa3ae357453d442d5
                                      • Instruction Fuzzy Hash: D041FB31A003159EDBB6AA1CC8C9BB9B6FDAB04758F09C1ABE5E457271E7709DC08781
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 010B645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 26%
                                      			E010B645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x117d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E010CFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E010A2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E0109FFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x117b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E010CB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                      0x010b645b
                                      0x010b6463
                                      0x010b646d
                                      0x010b6475
                                      0x010b647a
                                      0x010b647e
                                      0x010b6480
                                      0x010b648c
                                      0x010b6490
                                      0x010b6495
                                      0x010b6498
                                      0x010b649b
                                      0x010b649f
                                      0x010b64a1
                                      0x010f7c07
                                      0x010f7c09
                                      0x010f7c0c
                                      0x00000000
                                      0x010b64a7
                                      0x010b64a7
                                      0x010b64aa
                                      0x010f7bf7
                                      0x010f7c00
                                      0x00000000
                                      0x010f7bf9
                                      0x010f7bf9
                                      0x010f7bf9
                                      0x010b64b0
                                      0x010b64b0
                                      0x010b64b2
                                      0x010b64b2
                                      0x010b64b3
                                      0x010b64ba
                                      0x010b6553
                                      0x010b655e
                                      0x010b6566
                                      0x010b656c
                                      0x010b6575
                                      0x010b657f
                                      0x010b6585
                                      0x010b6588
                                      0x010b6588
                                      0x010b64c7
                                      0x010b64cb
                                      0x010b64ce
                                      0x010b64d3
                                      0x010b64da
                                      0x010b64e5
                                      0x010b64ed
                                      0x010b64f1
                                      0x010b64f5
                                      0x010b64f6
                                      0x010b64fa
                                      0x010b6502
                                      0x010b6503
                                      0x010b6504
                                      0x010b6507
                                      0x010b651a
                                      0x010b6524
                                      0x010b6524
                                      0x010b6526
                                      0x010b6526
                                      0x010b64aa
                                      0x010b652c
                                      0x010b652d
                                      0x010b652e
                                      0x010b6539

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: DebugPrintTimes
                                      • String ID: 0$0
                                      • API String ID: 3446177414-203156872
                                      • Opcode ID: 8bd9f27e0615c30cf88e6eea0c935b0aeb61bed34276f453f6a66a844962494d
                                      • Instruction ID: 64c743c5e89d3376aa22183fa1dd1485f5fd610f9d5934445f90c47a7e2a4b68
                                      • Opcode Fuzzy Hash: 8bd9f27e0615c30cf88e6eea0c935b0aeb61bed34276f453f6a66a844962494d
                                      • Instruction Fuzzy Hash: A9415BB16087069FC351CF28C484A9ABBE5FF89714F04456EF588DB301D736EA45CB86
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0111FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 53%
                                      			E0111FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E010CCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01115720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01115720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                      0x0111fdda
                                      0x0111fde2
                                      0x0111fde5
                                      0x0111fdec
                                      0x0111fdfa
                                      0x0111fdff
                                      0x0111fe0a
                                      0x0111fe0f
                                      0x0111fe17
                                      0x0111fe1e
                                      0x0111fe19
                                      0x0111fe19
                                      0x0111fe19
                                      0x0111fe20
                                      0x0111fe21
                                      0x0111fe22
                                      0x0111fe25
                                      0x0111fe40

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0111FDFA
                                      Strings
                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0111FE2B
                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0111FE01
                                      Memory Dump Source
                                      • Source File: 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: true
                                      • Associated: 00000012.00000002.330918673.000000000117B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      • Associated: 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_18_2_1060000_SecuriteInfo.jbxd
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                      • API String ID: 885266447-3903918235
                                      • Opcode ID: 08ef5896b2d7d76aecaac5b65461338f9af111a0b9ce1f630a6953997e01d515
                                      • Instruction ID: a49c01f17c2345fa1b6ea6feef7ee2589b3956392c4e6710c4ba7f3929adcb1e
                                      • Opcode Fuzzy Hash: 08ef5896b2d7d76aecaac5b65461338f9af111a0b9ce1f630a6953997e01d515
                                      • Instruction Fuzzy Hash: BFF0F632600602BFE6291A45DC02F63BF5BEB85B70F150328F6685A1D1DA62F86096F4
                                      Uniqueness

                                      Uniqueness Score: -1.00%